Re: [squid-users] Configuring cache_peer to use ssl

From: Chris Robertson <crobertson@dont-contact.us>
Date: Tue, 15 Apr 2008 13:48:33 -0800

Janis wrote:
> Quoting Chris Robertson <crobertson@gci.net>:
>
>> So the child Squid is trying to negotiate an SSL connection with a port
>> on the Parent that's not set up to accept it. See
>> http://www.squid-cache.org/Versions/v3/3.0/cfgman/https_port.html for
>> the proper directive to terminate an SSL connection.
>
> so, on the parent should be the line(s?):
>
> http_port IP:PORT1
>
> for non-ssl connections and
>
> https_port IP:PORT2 cert=self_s_cert.pem key=key.pem sslflags="NO_DEFAULT_CA NO_SESSION_REUSE"
>
> for ssl connections

That looks reasonable to me.

>
> and on secondary proxy - as was written before?

Just be sure on the secondary proxy to set the cache_peer line to use
PORT2 on the peer if you want to use SSL connections. Also be aware
that if you try to use two ports on the same peer, you are going to have
to use the "name" directive on each cache_peer line like...

cache_peer parent.my.domain parent 3128 3130 proxy-only name=port-3128
cache_peer parent.my.domain parent 3129 3130 proxy-only ssl sslcert=[blah, blah] name=port-3129

>
> Janis

Chris
Received on Tue Apr 22 2008 - 14:15:32 MDT
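
The consistency rules discussed in this thread (an ssl cache_peer must point at the parent's https_port, and two cache_peer lines for the same host need distinct name= values) can be checked mechanically. The following is an added example, not part of the original message or of Squid itself; the addresses, ports and file paths in the sample configs are constructed, and it assumes the Squid 3.0 option spelling (`ssl`) used above.

```python
# Constructed sample configs (hypothetical addresses, ports and file paths).
PARENT_CONF = """\
http_port 192.0.2.10:3128
https_port 192.0.2.10:3129 cert=/etc/squid/cert.pem key=/etc/squid/key.pem
"""
CHILD_CONF = """\
cache_peer parent.my.domain parent 3128 3130 proxy-only name=port-3128
cache_peer parent.my.domain parent 3129 3130 proxy-only ssl name=port-3129
"""

def listen_ports(conf):
    """Map each listening port in the parent config to 'http' or 'https'."""
    ports = {}
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] in ("http_port", "https_port"):
            # "IP:PORT" or bare "PORT"; strip the "_port" suffix for the kind.
            ports[int(tok[1].rsplit(":", 1)[-1])] = tok[0][:-5]
    return ports

def peers(conf):
    """Yield (host, port, uses_ssl, name) for each cache_peer line."""
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) >= 5 and tok[0] == "cache_peer":
            opts = tok[5:]
            # Without name=, the peer is identified by its hostname.
            name = next((o[5:] for o in opts if o.startswith("name=")), tok[1])
            yield tok[1], int(tok[3]), "ssl" in opts, name

def lint(child_conf, parent_conf):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings, seen, ports = [], set(), listen_ports(parent_conf)
    for host, port, ssl, name in peers(child_conf):
        if name in seen:
            findings.append(f"{host}:{port}: duplicate peer name '{name}', add name=")
        seen.add(name)
        kind = ports.get(port)
        if kind is None:
            findings.append(f"{host}:{port}: parent does not listen on this port")
        elif ssl and kind != "https":
            findings.append(f"{host}:{port}: ssl peer points at a plain http_port")
        elif not ssl and kind == "https":
            findings.append(f"{host}:{port}: plain peer points at an https_port")
    return findings

if __name__ == "__main__":
    for finding in lint(CHILD_CONF, PARENT_CONF) or ["OK"]:
        print(finding)
```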
