[squid-users] question about encrypted connection between https client and Squid
Antony Stone
Antony.Stone at squid.open.source.it
Sun Mar 1 20:03:37 UTC 2015
On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote:
> 02.03.15 0:07, Julianne Bielski wrote:
> >
> > http_port 443 ssl-bump
> > cert=/usr/local/squid3/etc/site_priv+pub.pem
>
> http_port 3128 intercept
> https_port 3129 intercept ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt
> key=/usr/local/squid/etc/rootCA.key
>
> 443->3129 port mapping is done with NAT.
Just out of interest, is there any functional difference between:
- Squid listening (in intercept mode) on port 3129, and NAT redirecting
packets on port 443 to port 3129
and
- Squid listening (in intercept mode) on port 443 ?
It seems to me from a networking perspective the two should be identical, so I
wonder whether there really is any functional reason for doing the NAT and
listening on the redirected port?
Thanks,
Antony.
--
It is also possible that putting the birds in a laboratory setting
inadvertently renders them relatively incompetent.
- Daniel C Dennett
Please reply to the list;
please *don't* CC me.