Re: [squid-users] Re: Squid 2.7+SSL on Windows will not proxy SSL requests

From: Jake Hawkes <jakehawkes_at_computer.org>
Date: Wed, 6 Oct 2010 15:28:35 +0200

FYI to the list:
I had commented out the never_direct allow all config parameter.
Uncommenting this solved my problem.
Sigh.
=)
-J

On Wed, Oct 6, 2010 at 2:00 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 04/10/10 20:24, Jake Hawkes wrote:
>>
>> Can anyone help me with this?
>> Am I missing something obvious?
>>
>> On Thu, Sep 30, 2010 at 11:09 AM, Jake Hawkes<jakehawkes_at_computer.org>
>>  wrote:
>>>
>>> Hello,
>>>
>>> I am running Squid 2.7.STABLE8 on Windows XP.  I am primarily doing
>
> <snip>
>>>
>>> It all falls down with HTTPS however.
>>>
>>> I honestly can't remember if this has ever worked, (I seem to think it
>>> did) but now I am completely stumped.
>>> I have checked the windows firewall, and it is off.
>>> I have downloaded the SSL package from acme, and there is no
>>> difference in the behaviour.
>
> K. That's the build you need to be using.
>
>>>
>>> The SSL connections from the browser time out.  Chrome reports "Waiting
>>> for proxy tunnel" in the status bar, and then fails with this error:
>>> Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error.
>
> The network underneath squid is blocking the port 443 connections.
>
> Browser gets the Squid fine, Squid locates the destination okay and starts
> connecting, then that TCP error #111.
>
> Apparently this is an error produced by the GSE (google web server). Though
> I have no way to verify that claim.
>
> <snip>
>>>
>>> 30/Sep/2010:10:43:46,127.0.0.1, mail.google.com:443, TCP_MISS/000, 0
>>> 30/Sep/2010:10:48:01,127.0.0.1, www.dropbox.com:443, TCP_MISS/504, 0
>>>
>
> The 000 indicates Squid tried to fetch but got no data back except a forced
> close packet from the remote end.
> The second is the same with a Squid timeout being reached instead of a
> forced-close packet.
>
> Some educated guesses would be
>   SSL version(s) built into Squid are not supported by the remote end (you
> are screwed).
>  Network troubles going through some device to port 443 (test with a
> non-proxied connection attempt).
>  TCP window scaling, ECN, or PMTU issues (test with tcp ping packets of
> various sizes and see if any sizes cause hanging).
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.8
>  Beta testers wanted for 3.2.0.2
>

-- 
----
jakehawkes_at_computer.org
+34 670 683 799
Received on Wed Oct 06 2010 - 13:28:43 MDT
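
Added example (not part of the original messages and not Squid project code): a small Python triage of access-log lines in the comma-separated layout quoted above, applying the reading of status 000 and 504 given in the reply. The sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the comma-separated layout quoted in the thread:
# timestamp, client, host:port, cache-result/HTTP-status, bytes.
SAMPLE_LOG = """\
30/Sep/2010:10:43:46,127.0.0.1, mail.google.com:443, TCP_MISS/000, 0
30/Sep/2010:10:48:01,127.0.0.1, www.dropbox.com:443, TCP_MISS/504, 0
30/Sep/2010:10:49:12,127.0.0.1, www.example.com:443, TCP_MISS/200, 5321
this line is malformed and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>[^,]+),\s*(?P<client>[^,\s]+),\s*(?P<host>[^,:\s]+):(?P<port>\d+),"
    r"\s*(?P<result>[A-Z_]+)/(?P<status>\d{3}),\s*(?P<size>\d+)$"
)

# Status meanings as described in the reply quoted above.
REASONS = {
    "000": "no data back except a forced close from the remote end",
    "504": "Squid timeout reached instead of a forced close",
}

def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["size"] = int(rec["size"])
    return rec

def failed_tunnels(log_text):
    """List (host, port, status, reason) for requests that returned no data."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["size"] == 0 and rec["status"] in REASONS:
            out.append((rec["host"], rec["port"], rec["status"], REASONS[rec["status"]]))
    return out

def failures_by_port(log_text):
    """Count failures per destination port (the thread's failures were all on 443)."""
    return Counter(port for _, port, _, _ in failed_tunnels(log_text))

if __name__ == "__main__":
    for host, port, status, reason in failed_tunnels(SAMPLE_LOG):
        print(f"{host}:{port} status {status}: {reason}")
    print(dict(failures_by_port(SAMPLE_LOG)))
```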
