Amos Jeffries-2 wrote
> On 20/06/2013 2:08 a.m., marwan wrote:
>> Thank you for your help
>>
>>
>> Amos Jeffries-2 wrote
>>> Because the parent is expecting to receive plain-HTTP from the child.
>>> The child is sending SSL traffic to the parent.
>>>
>>> Use an https_port with a normal server certificate (nothing special like
>>> ssl-bump) on the parent proxy.
>> Can you explain me please the difference between http_port and
>> https_port?
>
> http_port receives HTTP protocol (plain text).
> https_port receives HTTPS protocol (SSL wrapped HTTP).
>
>
>
>> We can exchange ssl trafics with http_port, so why is it interesting to
>> use
>> https_port?
>
> No you cannot exchange SSL traffic with http_port. Squid only parses
> unencrypted HTTP traffic on http_port.
>
> I think you are possibly confusing the ability to open a binary tunnel
> through a HTTP proxy using CONNECT messages, with receiving and
> processing native SSL. SSL-bump allows Squid to decrypt the CONNECT
> tunnels, but that is *very* different from receiving the native SSL
> traffic.
>
> Amos
Thank you.
I have another question.
You say me that to use the SSL parameters of cache_peer, I have to use
https_port.
But I have read that https_port is used for the reverse proxy mode.
So, I want to know if we can only use the SSL parameters of cache_peer in
the reverse proxy mode?
Regards,
-- HALLOUMI Marwan -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-behind-another-squid-with-sslbump-tp4660678p4660746.html Sent from the Squid - Users mailing list archive at Nabble.com.Received on Fri Jun 21 2013 - 09:42:14 MDT
This archive was generated by hypermail 2.2.0 : Fri Jun 21 2013 - 12:00:36 MDT