[squid-users] question about encrypted connection between https client and Squid

Yuri Voinov yvoinov at gmail.com
Sun Mar 1 20:34:36 UTC 2015


If it was possible, all of this simply would not be necessary:

http://wiki.squid-cache.org/ConfigExamples/Intercept#Traffic_Interception_capture_into_Squid

02.03.15 2:03, Antony Stone wrote:
> On Sunday 01 March 2015 at 19:17:22 (EU time), Yuri Voinov wrote:
> 
>> 02.03.15 0:07, Julianne Bielski wrote:
>>> 
>>> http_port 443 ssl-bump cert=/usr/local/squid3/etc/site_priv+pub.pem
>> 
>> http_port 3128 intercept
>> https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt key=/usr/local/squid/etc/rootCA.key
>> 
>> 443->3129 port mapping is done with NAT.
> 
> Just out of interest, is there any functional difference between:
> 
> - Squid listening (in intercept mode) on port 3129, and NAT
> redirecting packets on port 443 to port 3129
> 
> and
> 
> - Squid listening (in intercept mode) on port 443 ?
> 
> It seems to me from a networking perspective the two should be
> identical, so I wonder whether there really is any functional
> reason for doing the NAT and listening on the redirected port?
> 
> 
> Thanks,
> 
> 
> Antony.
> 