Amos Jeffries-2 wrote > On 20/06/2013 2:08 a.m., marwan wrote: >> Thank you for your help >> >> >> Amos Jeffries-2 wrote >>> Because the parent is expecting to receive plain-HTTP from the child. >>> The child is sending SSL traffic to the parent. >>> >>> Use an https_port with a normal server certificate (nothing special like >>> ssl-bump) on the parent proxy. >> Can you explain me please the difference between http_port and >> https_port? > > http_port receives HTTP protocol (plain text). > https_port receives HTTPS protocol (SSL wrapped HTTP). > > > >> We can exchange ssl trafics with http_port, so why is it interesting to >> use >> https_port? > > No you cannot exchange SSL traffic with http_port. Squid only parses > unencrypted HTTP traffic on http_port. > > I think you are possibly confusing the ability to open a binary tunnel > through a HTTP proxy using CONNECT messages, with receiving and > processing native SSL. SSL-bump allows Squid to decrypt the CONNECT > tunnels, but that is *very* different from receiving the native SSL > traffic. > > Amos
Thank you. I have another question. You say me that to use the SSL parameters of cache_peer, I have to use https_port. But I have read that https_port is used for the reverse proxy mode. So, I want to know if we can only use the SSL parameters of cache_peer in the reverse proxy mode? Regards, -- HALLOUMI Marwan -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-behind-another-squid-with-sslbump-tp4660678p4660746.html Sent from the Squid - Users mailing list archive at Nabble.com.
