Hello all.
I apologize if this has been asked before (I assume so), but I havenīt been able to find any good explanations from the archives.
Iīm running Squid-2.5-stable10 with the ssl-patch in acceleration mode, and have problems with the ssl connections.
I need the following connections: http -> http, https->http and https->https. There are multiple servers to be accelerated behind squid, running in various ports.
The part of squid configuration that deals with this stuff is as follows:
http_port squid-ip:80
https_port squid-ip:443 cert=path/to/cert key=path/to/key
https_port other-squid-ip:443 cert=path/to/cert key=path/to/key
httpd_accel_host virtual
httpd_accel_port 0
httpd_accel_with_proxy off
httpd_accel_singe_host off
httpd_accel_uses_host_header on
redirect_program path/to/jesred
redirect_children 10
visible_hostname nameofsquid
In jesred rules I have these two rules for testing:
regexi ^https://squid-ip/tst/(.*) https://server-ip:443/\1 ^https://squid-ip/tst
regexi ^http://squid-ip/tst/(.*) http://server-ip/\1 ^http://squid-ip/tst
With this configuration if a client tries to access https://squid-ip/tst/index.html, squid answers with Read Error (104) Connection reset by peer.
From the cache.log I get this:
2005/06/16 09:42:03| clientNegotiateSSL: Error negotiating SSL connection on FD 20: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
If I understand right, squid is receiving an http request, while waiting for an https, or did I get it totally wrong?
Any help would be appreciated.
Thank you,
-tuukka
Received on Thu Jun 16 2005 - 03:01:09 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Jul 01 2005 - 12:00:02 MDT