Re: [squid-users] URL can not be retrieved

I disabled in browser to use Squid as a proxy. However I could not get any
connection on https://mail.xyz.com. The squid.conf is as following:

https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem
httpd_accel_host i.j.k.l
httpd_accel_port 443
httpd_accel_single_host on
httpd_accel_with_proxy on
acl accel_servers dst i.j.k.l
acl port443 port 443
acl http protocol http
http_access allow accel_servers http port443

Now what I did today:
1. I disabled certificate on Exchange server and changed following:

        httpd_accel_port 443 -to- httpd_accel_port 80
        acl port443 port 443 -to- acl port80 port 80
        http_access allow accel_servers http port443 -to- http_access allow
accel_servers http port80

Allowed in firewall-2 to the pass traffice between squid server and exchange
server on port 80 in place of 443.
This arrangement worked OK. This means that there was no encryption between
between squid server and exchange server. Is this not possible?

2. After this I restored the changes made in step 1. In the access.log I get
follwoing:

1078818083.121 43952 168.187.198.212 TCP_MISS/000 0 GET http://i.j.k.l/
- DIRECT/172.29.1.14 -

Thinking that the messages should have been "GET https:/i.j.k.l, so I
changed follwoing in squid.conf -

 acl http protocol http -to- acl https protocol https

but I am getting same message in access.log. Can I not have SSL between
client & Squid-Rev and Squid-Rev & Exchange srever????????

3. Another question ( may be I am late to ask it) Can I not have SSL between
Exchange & client, Squid-Reverse proxy just pass it i.e. Tunneling SSL
through Proxy in reverse mode?

Thanks

Rakesh Kumar Jha

************************************************************************
On Mon, 8 Mar 2004, Rakesh Kumar wrote:

> 2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL

> connection on FD

> 10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy

> request

You get this if you have configured your browser to use Squid as a proxy.

Don't do this for reverse-proxying.

Regards

Henrik

#####################################################################################
DISCLAIMER
Any non-official business related views, opinions and other information presented
in this electronic mail are solely those of the sender/author. Burgan Bank does not
endorse or accept responsibility for these opinions, views or conclusions.

If you are not the addressee indicated in this electronic mail or responsible for
delivering this electronic message to the inteded recipient, you should delete this
message and notify the sender immediately.

Burgan Bank
#####################################################################################
Received on Tue Mar 09 2004 - 03:49:14 MST