Re: [squid-users] ssl_error_rx_record_too_long on Version 2.7.STABLE6

From: florian <florian_at_ekinode.info>
Date: Sun, 05 Jul 2009 09:11:49 +0200

Hey !

Thanks for your answer.

So I guess I just can't set a transparent proxy for https right ?

No workaround ?

On Sun, 2009-07-05 at 17:48 +1200, Amos Jeffries wrote:
> florian wrote:
> > Hello.
> >
> > I've just set up a Squid transparent proxy.
> > Everything works fine except for https.
> >
>
> HTTP port 80 can be intercepted. Or other known plain HTTP port if you
> are very certain of them.
>
> HTTPS is encrypted. Thats what the 'S' means (Secure over SSL).
>
> You _cannot_ intercept an encrypted transaction and expect a plain-text
> HTTP processor to handle it.
>
>
> > When trying to access a ssl site, I got this error :
> >
> > SSL received a record that exceeded the maximum permissible length.
> > (Error code: ssl_error_rx_record_too_long)
> > The page you are trying to view can not be shown because the
> > authenticity of the received data could not be verified.
> >
> > cache.log gives me this error :
> > 2009/07/03 12:19:13| parseHttpRequest: Unsupported method ''
> > 2009/07/03 12:19:13| clientTryParseRequest: FD 21
> > (192.168.12.50:49347) Invalid Request
> >
> > I put my config in attachement.
> >
> > Thanks a lot for any help !
> >
>
> Amos

-- 
For a moment, nothing happened. Then, after a second or so, nothing continued to happen
gpg key : 89B60489

Received on Sun Jul 05 2009 - 07:12:01 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 05 2009 - 12:00:02 MDT