[squid-users] Introduction & Squid ports
Nicolas Kovacs
info at microlinux.fr
Sun Mar 11 09:20:23 UTC 2018
Le 11/03/2018 à 10:17, Amos Jeffries a écrit :
> In your config you changed your 3128 to receiving port-80 (origin-form)
> syntax with "intercept". So port 3130 was necessary to takeover
> receiving of the normal proxy traffic.
>
> The TLS wrappers on HTTPS need special handling to decrypt so that needs
> another port setup to do that decryption first and HTTP message handling
> after. "https_port" directive sets up a port for that.
>
> NP: the "ssl-bump" flag does not mean simply receiving HTTPS traffic, it
> means specifically decrypting HTTPS traffic destined *to another server*
> - ie MITM at the TLS level. Which can be done for port-443 traffic OR
> for CONNECT messages in the proxy (port-3128) syntax traffic. Thus it is
> applicable on both https_port and http_port traffic respectively.
Thanks very much for your detailed answer !
Cheers !
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
More information about the squid-users
mailing list