[squid-users] Squid https_port

Amos Jeffries squid3 at treenet.co.nz
Fri Sep 14 23:08:51 UTC 2018


On 15/09/18 5:49 AM, John Refwe wrote:
> Hi,
>  
> I have a couple of questions about the squid https_port.
>  
> 1) Does it only exist for transparent connections? I know if I want to
> have a transparent proxy that can accept TLS requests, I need
> to have the port be a https_port rather than a http_port, but is that
> what it was created for?

https_port is for receiving port 443 https:// (HTTP over TLS) rather
than port 3128 or 80  http:// (HTTP over TCP).


>  
> 2) How come the https_port does not support receiving proxy protocol?
> Perhaps I'm misunderstanding a bit here, but I thought that HAProxy
> supports sending it before instantiating a TLS connection?

HAProxy does, Squid does not (yet). Mainly because OpenSSL was the code
receiving TLS handshakes. SSL-Bump changes that somewhat, but has not
stabilized enough yet to integrate PROXY protocol into the new TLS
parser. Patches welcome.

Amos
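
The ordering discussed in this thread, shown as an added example that is not part of the original messages or of Squid's code: a PROXY protocol v1 header arrives in cleartext ahead of the TLS ClientHello, so a listener has to consume and validate it before the remaining bytes reach the TLS library. Function names and the sample bytes are constructed for illustration.

```python
import ipaddress

V2_SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # 12-byte PROXY protocol v2 signature
V1_MAX = 107                          # longest v1 line the spec allows, CRLF included

# Constructed sample: v1 header followed by the start of a TLS handshake record.
SAMPLE = (b"PROXY TCP4 192.0.2.10 198.51.100.5 51234 443\r\n"
          b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03")


def split_proxy_v1(buf: bytes):
    """Return (client_info, remaining_bytes) for the first bytes of a connection.

    client_info is None when no PROXY v1 header is present.
    Raises ValueError on a malformed header; v2 is detected but not parsed here.
    """
    if buf.startswith(V2_SIG):
        raise ValueError("PROXY v2 (binary) header: not handled in this example")
    if not buf.startswith(b"PROXY "):
        return None, buf
    end = buf.find(b"\r\n", 0, V1_MAX)
    if end == -1:
        raise ValueError("PROXY v1 line not terminated within 107 bytes")
    fields = buf[:end].decode("ascii").split(" ")
    rest = buf[end + 2:]
    if fields[1] == "UNKNOWN":
        return {"family": "UNKNOWN"}, rest
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    version = 4 if fields[1] == "TCP4" else 6
    src, dst = (ipaddress.ip_address(f) for f in fields[2:4])
    if src.version != version or dst.version != version:
        raise ValueError("address family mismatch")
    sport, dport = (int(f) for f in fields[4:6])
    if not (0 <= sport <= 65535 and 0 <= dport <= 65535):
        raise ValueError("port out of range")
    return {"family": fields[1], "src": str(src), "sport": sport,
            "dst": str(dst), "dport": dport}, rest


def looks_like_tls_handshake(buf: bytes) -> bool:
    """True when buf starts a TLS record of type handshake (0x16), major version 3."""
    return len(buf) >= 3 and buf[0] == 0x16 and buf[1] == 0x03
```

Handing `SAMPLE` straight to a TLS parser fails because the first byte is `P`, not `0x16`; only the bytes returned after the header form a valid handshake record.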

