[squid-users] Squid https_port
squid3 at treenet.co.nz
Fri Sep 14 23:08:51 UTC 2018
On 15/09/18 5:49 AM, John Refwe wrote:
> I have a couple of questions about the squid https_port.
> 1) Does it only exist for transparent connections? I know if I want to
> have a transparent proxy that can accept requests TLS requests, I need
> to have the port be a https_port rather than a http_port, but is that
> what it was created for?
https_port is for receiving port 443 https:// (HTTP over TLS) rather
than port 3128 or 80 http:// (HTTP over TCP).
> 2) How come the https_port does not support receiving proxy protocol?
> Perhaps I'm misunderstanding a bit here, but I thought that HAProxy
> supports sending it before instantiating a TLS connection?
HAProxy does, Squid does not (yet). Mainly because OpenSSL was the code
receiving TLS handshakes. SSL-Bump changes that somewhat, but has not
stabilized enough yet to integrate PROXY protocol into the new TLS
parser. Patches welcome.
More information about the squid-users