Re: A selection of SSL bugs...

From: <>
Date: Thu, 22 Oct 1998 10:38:39 +0100


Thanks for your speedy response. I think I'm being a bit dense here, so can
you clarify some points for me.

If I try browsing to, Squid does a proper CONNECT and I get a username/password dialogue box. This is fine
and correct.

If I try browsing to, Squid does a
CONNECT which is clearly duff. ("" is
the local_domain as defined in squid.conf; "98" is the first two digits of
the password!) This looks like a parsing problem to me. I don't believe
it's a client problem as the erroneous string is made up of bits from the
squid.conf file on the proxy and also, when we point the client straight at
the SSL server, the same URL works fine. If it's simply a case of Squid not
supporting SSL URLs with passwords then that's clear enough.

If I'm making a basic misunderstanding, please do put me right; I have to
be clear about this, as I have clients who want to know what's going on :-)

Many thanks for your time, Henrik.


Richard Stagg

Henrik Nordstrom <>
22/10/98 09:20

To: Richard Stagg/TMU/CSC
cc:, Andrew G Winfer/UK/CSC
Subject: Re: A selection of SSL bugs...

Squid does NOT support SSL, it supports SSL tunneling using the CONNECT
If you get erronous CONNECT requests then this is a client problem, not
a Squid problem. A proper CONNECT request for
"" is "CONNECT"
You can't use a redirector to redirect requests to https, unless you
redirect them using a HTTP redirect (telling the client to use https
Squid 1.X has quite limited forwarding capabilities for SSL. I'd
recommend you to look into Squid 2 to solve your firewall + local domain

Henrik Nordstrom
Spare time Squid hacker
Received on Thu Oct 22 1998 - 03:49:16 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:45 MST