Le 11/03/2018 à 10:17, Amos Jeffries a écrit :
> In your config you changed your 3128 to receiving port-80 (origin-form)
> syntax with "intercept". So port 3130 was necessary to takeover
> receiving of the normal proxy traffic.
> The TLS wrappers on HTTPS need special handling to decrypt so that needs
> another port setup to do that decryption first and HTTP message handling
> after. "https_port" directive sets up a port for that.
> NP: the "ssl-bump" flag does not mean simply receiving HTTPS traffic, it
> means specifically decrypting HTTPS traffic destined *to another server*
> - ie MITM at the TLS level. Which can be done for port-443 traffic OR
> for CONNECT messages in the proxy (port-3128) syntax traffic. Thus it is
> applicable on both https_port and http_port traffic respectively.

Thanks very much for your detailed answer !

Cheers !


Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : i...@microlinux.fr
Tél. : 04 66 63 10 32
squid-users mailing list

Reply via email to