On 20/06/2013 2:08 a.m., marwan wrote:
Thank you for your help
Amos Jeffries-2 wrote
Because the parent is expecting to receive plain-HTTP from the child.
The child is sending SSL traffic to the parent.
Use an https_port with a normal server certificate (nothing special like
ssl-bump) on the parent proxy.
Can you explain me please the difference between http_port and https_port?
http_port receives HTTP protocol (plain text).
https_port receives HTTPS protocol (SSL wrapped HTTP).
We can exchange ssl trafics with http_port, so why is it interesting to use
https_port?
No you cannot exchange SSL traffic with http_port. Squid only parses
unencrypted HTTP traffic on http_port.
I think you are possibly confusing the ability to open a binary tunnel
through a HTTP proxy using CONNECT messages, with receiving and
processing native SSL. SSL-bump allows Squid to decrypt the CONNECT
tunnels, but that is *very* different from receiving the native SSL traffic.
Amos
