[squid-users] question about encrypted connection between https client and Squid
Yuri Voinov
yvoinov at gmail.com
Sun Mar 1 20:33:22 UTC 2015
02.03.15 2:03, Antony Stone wrote:
> On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote:
>
> >> 02.03.15 0:07, Julianne Bielski wrote:
>>>
>>> http_port 443 ssl-bump cert=/usr/local/squid3/etc/site_priv+pub.pem
>>
>> http_port 3128 intercept
>> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt key=/usr/local/squid/etc/rootCA.key
>>
>> 443->3129 port mapping is done with NAT.
>
> Just out of interest, is there any functional difference between:
>
> - Squid listening (in intercept mode) on port 3129, and NAT
> redirecting packets on port 443 to port 3129
>
> and
>
> - Squid listening (in intercept mode) on port 443 ?
Yes. The second will not work. Two days ago one man here tried to do
something like this without NAT. With the expected result. :)
>
> It seems to me from a networking perspective the two should be
> identical, so I wonder whether there really is any functional
> reason for doing the NAT and listening on the redirected port?
>
>
> Thanks,
>
>
> Antony.
>
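A configuration check for the setup discussed in this thread, as an added example (not part of the original message and not Squid's own code): it lists every `intercept` listener in squid.conf and the destination ports that NAT redirects to it, so a listener with no mapping stands out. It assumes the NAT is done by Linux iptables and reads `iptables-save` output; the interface name, the port 80 rule and both sample texts are constructed.

```python
import re

# Constructed sample: the squid.conf directives from the thread, unwrapped.
SQUID_CONF = """\
http_port 3128 intercept
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt key=/usr/local/squid/etc/rootCA.key
"""

# Constructed sample of `iptables-save -t nat` output (assumption: Linux
# iptables does the NAT; the thread only says "NAT").
NAT_RULES = """\
*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
COMMIT
"""

PORT_RE = re.compile(r"^(https?_port)\s+(\S+)\s*(.*)$")
REDIRECT_RE = re.compile(r"--dport\s+(\d+)\b.*-j\s+REDIRECT\s+--to-ports\s+(\d+)")

def intercept_ports(conf):
    """Return {port: directive} for every listener flagged 'intercept'."""
    found = {}
    for line in conf.splitlines():
        m = PORT_RE.match(line.strip())
        if m and "intercept" in m.group(3).split():
            # The address may be "3129" or "192.0.2.1:3129"; keep the port.
            found[int(m.group(2).rsplit(":", 1)[-1])] = m.group(1)
    return found

def redirects(rules):
    """Return {squid_port: [original dports]} from REDIRECT rules."""
    out = {}
    for line in rules.splitlines():
        m = REDIRECT_RE.search(line)
        if m:
            out.setdefault(int(m.group(2)), []).append(int(m.group(1)))
    return out

def audit(conf, rules):
    """Map each intercept port to the dports NAT sends to it; [] = no mapping."""
    nat = redirects(rules)
    return {port: sorted(nat.get(port, [])) for port in intercept_ports(conf)}

if __name__ == "__main__":
    for port, sources in audit(SQUID_CONF, NAT_RULES).items():
        status = f"fed by NAT from {sources}" if sources else "NO NAT RULE"
        print(f"intercept port {port}: {status}")
```

An empty list for a port is the case described in the reply above: an `intercept` listener that no NAT rule feeds.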