[squid-users] SSL on different ports
Ronan Lucio
ronanlucio at gmail.com
Thu Oct 8 01:18:03 UTC 2020
Hi Amos,
> You are referring to the SSL_ports ACL ?
Yes.
Got your point.
Thanks for the clarification
Ronan
On Wed, Oct 7, 2020 at 4:55 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 7/10/20 2:16 pm, Ronan Lucio wrote:
> > Hi,
> >
> > By default, Squid accepts SSL connection only to port 443.
>
> You are referring to the SSL_ports ACL ?
>
> That does not mean accepting SSL connections. Only that the port is
> known to be used primarily for SSL. So that opening opaque CONNECT
> tunnels there have lower security risk.
>
>
> > Are there any security concerns when need to accept HTTPS connections
> > on other ports?
> >
>
> Anything at all can go through a CONNECT tunnel and all your egress
> firewall and other security will be able to tell is that the traffic
> came from Squid.
>
> If you are certain the traffic is actually HTTPS and not something else
> it should be okay. But do check for that first.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list