Re: [squid-users] Does anyone know how to make https work?

> Dear Amos
> I have another question...
> If it can't work in 3.0 or any 2.x,why can I setup https in transparent
> mode?
> Is it just reserve for ver 3.1?

It's a side-effect of the way squid code is written. On https_port lines
it will still enable the actions shared with the 'accel' option. But the
transparency-specific code will still fail on encrypted traffic as you
noticed.

Amos

>
> ----- Original Message -----
> From: "Amos Jeffries" <squid3@treenet.co.nz>
> To: "Brian Lu" <lyt0112@deansoft.com.tw>
> Cc: <squid-users@squid-cache.org>
> Sent: Tuesday, April 22, 2008 2:50 PM
> Subject: Re: [squid-users] Does anyone know how to make https work?
>
>
>> Brian Lu wrote:
>>> Hi All
>>> I meet a problem:when I use https to access the web pages,my IE always
>>> show me:
>>> 1.If setuped cache_peer:
>>> ¿ù»~
>>> ±ý³sµ²¤§ºô§}¡]URL¡^µLªk¥¿½Tªº¶Ç¦^
>>>
>>> ·í¹Á¸Õ¶Ç¦^¤U­±ªººô§}¡]URL¡^®É¡G
>>> https://www.chb.com.tw/wcm/web/home/index.html
>>> µo¥Í¤F¤U¦Cªº¿ù»~¡G
>>> Unsupported Request Method and Protocol
>>> ©|¥¼¤ä´©ªº­n¨D¤è¦¡©Î³q°T¨ó©w
>>> Squid does not support all request methods for all access protocols.
>>> For
>>> example, you can not POST a Gopher request.
>>> ¦]¬° Squid ¡]ºô¸ô§Ö¨úµ{¦¡¡^¨Ã¥¼¤ä´©©Ò¦³ªº³sµ²­n¨D¤è¦¡¦b¦U¦¡³q°T¨ó©w¤W¡C
>>> ¤ñ¦p»¡¡A§A¤£¯à­n¨D¤@­Ó GOPHER ªº POST ³sµ²­n¨D¡C
>>>
>>> Generated Mon, 21 Apr 2008 05:22:30 GMT by proxy.seed.net.tw
>>> (squid/2.5.STABLE11)
>>>
>>> 2.If no cache_peer:
>>> ERROR
>>> The requested URL could not be retrieved
>>>
>>> While trying to retrieve the URL:
>>> https://www.chb.com.tw/wcm/web/home/index.html
>>> The following error was encountered:
>>> Connection to 210.65.204.245 Failed
>>> The system returned:
>>> (71) Protocol error
>>> The remote host or network may be down. Please try the request again.
>>> Your cache administrator is .
>>>
>>> Generated Mon, 21 Apr 2008 05:18:30 GMT by 192.168.1.254
>>> (squid/3.0.STABLE2)
>>>
>>> My squid version:
>>> [root@192 ]# squid -v
>>> Squid Cache: Version 3.0.STABLE2
>>> configure options: '--enable-ssl' '--enable-linux-netfilter'
>>> '--enable-referer-log'
>>>
>>> My squid.conf:
>> <snip>
>>> http_port 3128 transparent
>>> https_port 3129 cert=/usr/local/squid/etc/cert.pem
>>> key=/usr/local/squid/etc/key.pem transparent
>> <snip>
>>
>> HTTPS cannot be intercepted transparently in 3.0 or any 2.x
>>
>> You need to have 3.1 with sslBump enabled for thatt.
>>
>>
>>>
>>> Does anyone know how to make https work? thank you very much~
>>>
>>> Best regards,
>>> Brian Lu
>>
>> (sorry if my txt is garbled, thunderbird seems not to like unicode
>> editing)
>>
>> Amos
>> --
>> Please use Squid 2.6.STABLE19 or 3.0.STABLE4
>>
>> __________ NOD32 3044 (20080421) Information __________
>>
>> This message was checked by NOD32 antivirus system.
>> http://www.nod32.com.hk
>>
>>
>
>
Received on Thu Apr 24 2008 - 03:52:36 MDT