[squid-users] SSL on different ports

Amos Jeffries squid3 at treenet.co.nz
Wed Oct 7 03:39:32 UTC 2020


On 7/10/20 2:16 pm, Ronan Lucio wrote:
> Hi,
> 
> By default, Squid accepts SSL connections only to port 443.

You are referring to the SSL_ports ACL?

That does not mean accepting SSL connections. Only that the port is
known to be used primarily for SSL. So that opening opaque CONNECT
tunnels there has a lower security risk.


> Are there any security concerns when we need to accept HTTPS connections
> on other ports?
> 

Anything at all can go through a CONNECT tunnel and all your egress
firewall and other security will be able to tell is that the traffic
came from Squid.

If you are certain the traffic is actually HTTPS and not something else,
it should be okay. But do check for that first.

Amos
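
One way to apply the advice above in squid.conf, as an added example that is not part of the original message: the extra port is opened for CONNECT only toward a named destination instead of for every host. Port 8443 and app.example.com are placeholder assumptions, and the `SSL_ports`, `Safe_ports`, `CONNECT` and `localnet` ACLs are assumed to be defined as in the stock squid.conf.

```conf
# Stock rules this fragment builds on (assumed already present):
#   acl SSL_ports port 443
#   http_access deny !Safe_ports
#   http_access deny CONNECT !SSL_ports

# Broad variant: adds 8443 to SSL_ports, which permits CONNECT tunnels
# to that port on every destination. Left commented out for comparison.
# acl SSL_ports port 8443

# Narrower variant: keep SSL_ports at 443 and describe the extra port
# and the one destination known to serve HTTPS on it.
acl alt_https_port port 8443                 # placeholder port
acl alt_https_dst dstdomain app.example.com  # placeholder destination

http_access deny !Safe_ports

# CONNECT to the extra port is refused unless the destination is the
# known host. ACLs on one line are ANDed together.
http_access deny CONNECT alt_https_port !alt_https_dst

# Replaces the stock "deny CONNECT !SSL_ports": refuse CONNECT to any
# port that is neither in SSL_ports nor the extra port.
http_access deny CONNECT !SSL_ports !alt_https_port

http_access allow localnet
http_access deny all
```

This limits where tunnels on the extra port can go; it does not inspect what flows inside them, so the check that the destination really speaks HTTPS still has to be done separately.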

