Le 11/03/2018 à 10:17, Amos Jeffries a écrit : > In your config you changed your 3128 to receiving port-80 (origin-form) > syntax with "intercept". So port 3130 was necessary to takeover > receiving of the normal proxy traffic. > > The TLS wrappers on HTTPS need special handling to decrypt so that needs > another port setup to do that decryption first and HTTP message handling > after. "https_port" directive sets up a port for that. > > NP: the "ssl-bump" flag does not mean simply receiving HTTPS traffic, it > means specifically decrypting HTTPS traffic destined *to another server* > - ie MITM at the TLS level. Which can be done for port-443 traffic OR > for CONNECT messages in the proxy (port-3128) syntax traffic. Thus it is > applicable on both https_port and http_port traffic respectively.
Thanks very much for your detailed answer ! Cheers ! Niki -- Microlinux - Solutions informatiques durables 7, place de l'église - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : i...@microlinux.fr Tél. : 04 66 63 10 32 _______________________________________________ squid-users mailing list firstname.lastname@example.org http://lists.squid-cache.org/listinfo/squid-users