* Henrik Nordstrƶm <henrik_at_henriknordstrom.net>:
> fre 2011-01-21 klockan 11:31 +0100 skrev Ralf Hildebrandt:
> > > >1294685115.286 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >
> > So, I enabled SSL using --enable-ssl and now I'm getting:
> >
> > 1295605546.943 313 141.42.231.227 TCP_MISS/503 4251 GET https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_DIRECT/194.151.178.174 text/html
> > and the error output consists of the ERR_SECURE_CONNECT_FAIL error message
>
> In both cases Squid received an https:// request unencrypted over plain
> HTTP.
Yes
> In the first case, as your Squid did not have SSL support if could not
> forward the request at all, as it can not wrap the unencrypted request
> in SSL/TLS for forwardning to the requested server.
Yup, correct. The default in debian/Ubuntu is to build without
--enable-ssl
> In the section case Squid and the server did not agree on the SSL
> protocol.
I wonder what went wrong in that case.
> If using this http->https gatewaying capability then you should
> configure Squid to not use SSLv2. SSLv2 is considered broken beyond
> repair these days. See sslproxy_options for how to tune this in Squid.
I did that, disabled v2 but it wouldn't work anyway. But in the
meantime they fixed their broken app :)
-- Ralf Hildebrandt GeschƤftsbereich IT | Abteilung Netzwerk CharitƩ - UniversitƤtsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.deReceived on Mon Jan 24 2011 - 17:45:12 MST
This archive was generated by hypermail 2.2.0 : Tue Jan 25 2011 - 12:00:03 MST