[squid-users] question about encrypted connection between https client and Squid
yvoinov at gmail.com
Sun Mar 1 20:33:22 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
02.03.15 2:03, Antony Stone пишет:
> On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote:
>> 02.03.15 0:07, Julianne Bielski пишет:
>>> http_port 443 ssl-bump
>> http_port 3128 intercept https_port 3129 intercept ssl-bump
>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>> 443->3129 port mappind does with NAT.
> Just out of interest, is there any functional difference between:
> - Squid listening (in intercept mode) on port 3129, and NAT
> redirecting packets on port 443 to port 3129
> - Squid listening (in intercept mode) on port 443 ?
Yes. Second will not work. Two days ago one man here tries to do
something like this without nat. With expected result. :)
> It seems to me from a networking perspective the two should be
> identical, so I wonder whether there really is any fundctional
> reason for doing the NAT and listening on the redirected port?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
More information about the squid-users