Re: A selection of SSL bugs...

From: Henrik Nordstrom <>
Date: Thu, 22 Oct 1998 20:24:12 +0200 wrote:
> If I try browsing to, Squid
> does a CONNECT which is clearly duff.

This is most likely not Squid's fault. It is a browser bug. In both
cases the connect request should be


There is no way that Squid could get hold of that :98 digit unless the
browser sent it to Squid, which is shouldn't as this is private
information that should be sent encrypted on the established SSL tunnel.

Remember that it is the browser that does the CONNECT request. Squid
only handles the request. If the request is garbage then Squid can't do
much about that.

> If I'm making a basic misunderstanding, please do put me right; I
> have to be clear about this, as I have clients who want to know
> what's going on :-)

Check what the browser sends to Squid on these requests. My Netscape
versions sends:

User-Agent: Mozilla/3.01Gold (X11; I; Linux 2.0.34 i586)


User-Agent: Mozilla/4.04 [en] (X11; I; Linux 2.0.34 i586)

which is clearly invalid as it has no port number. It also is a very
strange host name to try connecting to...

Henrik Nordstrom
Spare time Squid hacker
Received on Thu Oct 22 1998 - 15:05:43 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:45 MST