[squid-users] http_port vs https_port (Alex Rousskov)

Gordon Hsiao capcoding at gmail.com
Wed Jun 27 23:04:36 UTC 2018 

>
> Date: Wed, 27 Jun 2018 11:55:29 -0500
> From: Gordon Hsiao <capcoding at gmail.com>
> To: squid-users at lists.squid-cache.org
> Subject: [squid-users] http_port vs https_port
> Message-ID:
>         <
> CAK0iFYxX6_jYmE1HDsdSvoOf5_pbMEVoaTaVnbzH56ULjNi9NQ at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Reading all the cfg options in Squid 3.5 I noticed http_port has lots of
> SSL related options(which it should not), plus https_port is referring to
> http_port for those options, should http_port have nothing to do with
> ssl-specific options and those ssl-options could be better moved to
> https_port section instead?
>
> http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html
> http://www.squid-cache.org/Versions/v3/3.5/cfgman/https_port.html
>
> Gordon
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/53c8530f/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 4
> Date: Wed, 27 Jun 2018 11:23:22 -0600
> From: Alex Rousskov <rousskov at measurement-factory.com>
> To: Gordon Hsiao <capcoding at gmail.com>,
>         squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] http_port vs https_port
> Message-ID:
>         <ac390312-1c93-627f-fb9a-5b2ff6a564f5 at measurement-factory.com>
> Content-Type: text/plain; charset=utf-8
>
> On 06/27/2018 10:55 AM, Gordon Hsiao wrote:
> > Reading all the cfg options in Squid 3.5 I noticed http_port has lots of
> > SSL related options(which it should not), plus https_port is referring
> > to http_port for those options, should http_port have nothing to do with
> > ssl-specific options and those ssl-options could be better moved to
> > https_port section instead?
>
> http_port uses SSL options when bumping HTTP CONNECT tunnels.
>
> Alex.
>
>
 Keep reading http_port vs https_port here...

1. http_port does not require openssl, https_port does, however http_port
can do ssl-bump so I would think http_port is conditionally depending on
openssl
2. reading cfgman v3.5 page I could not really tell their difference when
openssl/ssl-bump is involved, it seems http_port is a superset of
https_port and they behave the same when ssl-bump(splice or bump) is to be
used.

Since http_port (--with-openssl) seems can do everything https_port can do,
why do we have https_port at all? in which circumstances I must use
https_port?

Thanks,
Gordon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/b87d7156/attachment.html>

More information about the squid-users mailing list