Re: [squid-users] Re: SSLBump, help to configure for 3.1.0.16

From: Andres Salazar <ndrsslzr80_at_gmail.com>
Date: Mon, 22 Feb 2010 15:48:57 -0600

Just confirming. You are telling me that I cannot configure a browser
with a proxy while at the same time squid is configured to SSLBump the
https requests?

Please confirm.. without proper docs this can get confusing. Thanks.

Andres

On Thu, Feb 18, 2010 at 2:38 AM, Henrik Nordstrom
<henrik_at_henriknordstrom.net> wrote:
> ons 2010-02-17 klockan 22:40 -0700 skrev Alex Rousskov:
>> On 02/16/2010 12:54 PM, Andres Salazar wrote:
>> > Hello,
>> >
>> > Iam still having issues with SSLBump .. apparently iam now getting
>> > this error when I visit an https site with my browser explicity
>> > configured to use the https_port  .
>> >
>> > 2010/02/16 14:31:14| clientNegotiateSSL: Error negotiating SSL
>> > connection on FD 8: error:1407609B:SSL
>> > routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
>
> This error is seen if a browser is configured to use a Squid https_port
> as HTTP proxy port for secure (SSL/TLS) connections. To be exact it's
> from the OpenSSL library where the library barfs at receiving an HTTP
> CONNECT request where an SSL/TLS handshake was expected.
>
> For explicit proxy configuration the browser must be configured to use a
> Squid http_port.
>
> Regards
> Henrik
>
>
Received on Mon Feb 22 2010 - 21:49:05 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 23 2010 - 12:00:06 MST