[squid-users] 2 way SSL on a non standard SSL Port

Amos Jeffries squid3 at treenet.co.nz
Wed Nov 25 00:11:46 UTC 2015

On 25/11/2015 11:41 a.m., Bart Spedden wrote:
> Hello,
> I have a java application that is successfully making REST calls to a 3rd
> party vendor that requires 2 way SSL on port 8184 for some calls and 1 way
> SSL on port 8185 for other calls. However, when I start proxying the calls
> with squid all 1 and 2 way SSL calls fail.

What is "X way SSL" ?

Squid 3.4 supports TLS, SSLv2, and SSLv3.

> I added ports 8184 and 8185 to both SSL_Ports and Safe_ports via the
> following:
> acl SSL_ports port 8184
> acl SSL_ports port 8185
> acl Safe_ports port 8184
> acl Safe_ports port 8185

You don't need to add any ports 1025 or higher to Safe_ports. They are
already included in the range "1025-65535 # unregistered ports"

The change to SSL_ports is correct for allowing CONNECT to those ports.

Squid is now relaying traffic between the client and server across blind
tunnels. It has ZERO interaction with them or the data sent.

That said, there are a few major bugs in CONNECT handling that have been
uncovered and fixed since 3.4.3 release was made. Please try an upgrade
to latest Squid-3.5 and see if the problem disappears.


More information about the squid-users mailing list