<div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Date: Wed, 27 Jun 2018 11:55:29 -0500<br>
From: Gordon Hsiao <<a href="mailto:capcoding@gmail.com" target="_blank">capcoding@gmail.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
Subject: [squid-users] http_port vs https_port<br>
Message-ID:<br>
        <<a href="mailto:CAK0iFYxX6_jYmE1HDsdSvoOf5_pbMEVoaTaVnbzH56ULjNi9NQ@mail.gmail.com" target="_blank">CAK0iFYxX6_jYmE1HDsdSvoOf5_pbMEVoaTaVnbzH56ULjNi9NQ@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
Reading all the cfg options in Squid 3.5 I noticed http_port has lots of<br>
SSL related options(which it should not), plus https_port is referring to<br>
http_port for those options, should http_port have nothing to do with<br>
ssl-specific options and those ssl-options could be better moved to<br>
https_port section instead?<br>
<br>
<a href="http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html" rel="noreferrer" target="_blank" class="clutterFree_existingDuplicate clutterFree_noIcon">http://www.squid-cache.org/Versions/v3/3.5/cfgman/http_port.html</a><br>
<a href="http://www.squid-cache.org/Versions/v3/3.5/cfgman/https_port.html" rel="noreferrer" target="_blank" class="clutterFree_existingDuplicate clutterFree_noIcon">http://www.squid-cache.org/Versions/v3/3.5/cfgman/https_port.html</a><br>
<br>
Gordon<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/53c8530f/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.squid-cache.org/pipermail/squid-users/attachments/20180627/53c8530f/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Wed, 27 Jun 2018 11:23:22 -0600<br>
From: Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" target="_blank">rousskov@measurement-factory.com</a>><br>
To: Gordon Hsiao <<a href="mailto:capcoding@gmail.com" target="_blank">capcoding@gmail.com</a>>,<br>
        <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
Subject: Re: [squid-users] http_port vs https_port<br>
Message-ID:<br>
        <<a href="mailto:ac390312-1c93-627f-fb9a-5b2ff6a564f5@measurement-factory.com" target="_blank">ac390312-1c93-627f-fb9a-5b2ff6a564f5@measurement-factory.com</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 06/27/2018 10:55 AM, Gordon Hsiao wrote:<br>
> Reading all the cfg options in Squid 3.5 I noticed http_port has lots of<br>
> SSL related options(which it should not), plus https_port is referring<br>
> to http_port for those options, should http_port have nothing to do with<br>
> ssl-specific options and those ssl-options could be better moved to<br>
> https_port section instead?<br>
<br>
http_port uses SSL options when bumping HTTP CONNECT tunnels.<br>
<br>
Alex.<br>
<br></blockquote><div> </div><div> Keep reading http_port vs https_port here...</div><div><br></div><div>1. http_port does not require openssl, https_port does, however http_port can do ssl-bump so I would think http_port is conditionally depending on openssl</div><div>2. reading cfgman v3.5 page I could not really tell their difference when openssl/ssl-bump is involved, it seems http_port is a superset of https_port and they behave the same when ssl-bump(splice or bump) is to be used.</div><div><br></div><div>Since http_port (--with-openssl) seems can do everything https_port can do, why do we have https_port at all? in which circumstances I must use https_port?</div><div><br></div><div>Thanks,</div><div>Gordon</div></div></div>