Re: [squid-users] ssl-bump, server-first from Alex Rousskov on 2013-03-20 (squid-users)

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Wed, 20 Mar 2013 11:45:39 -0600

On 03/20/2013 11:27 AM, Delton wrote:
>>> The first time when accessing(direct, no F5):
>>>
>>> 1363776566.837 0 192.168.0.52 TCP_DENIED/200 0 CONNECT
>>> www.facebook.com:443 - HIER_NONE/- -
>>> 1363776566.912 0 192.168.0.52 NONE/403 3575 GET
>>> https://www.facebook.com/ - HIER_NONE/- text/html
>>>
>>> I see the error message from Squid.

>> The above looks correct to me: Squid knew that the connection should be
>> denied, responded with 200 OK to the CONNECT request, bumped the
>> connection, received the first bumped GET request, and sent the error
>> message.
>>
>> Does browser show any signs that it is expecting more of the Squid error
>> message (e.g., spinning browser logo or some such)? Or does it look like
>> the browser is 100% happy? Is there an established TCP connection from
>> browser to Squid after the above Squid error message is displayed for a
>> few seconds?

> I used TCPView to see the connections:
> In the first time Squid shows the message 'Access denied' and a
> connection between the client and the server stands established.

In the previous email you said that "the conection continues until the
server sends FIN, ACK". I wonder whether that connection was the
Squid-server connection and now you are describing the browser-Squid
connection? Is the summary below accurate?

  1. Browser connects and sends plain CONNECT to Squid.
  2. Squid connects to the origin server using TLSv1.
  3. Squid sends 200 OK to the browser.
  4. Browser sends a GET request to Squid.
  5. Squid sends an error page to the browser.
  6. Some time passes.
  7. You press F5.
  8. Somebody closes the browser-Squid connection.
  9. Browser says "Proxy refused the connection".

> If I press F5 to refresh the browser, the established connection is
> closed and the browser show 'Proxy refused the connection'.

Questions:

  a) Which side initiated browser-Squid connection closure in #8?
  b) When did the Squid-origin server connection close?
  c) Which side initiated the connection closure in (b)?

Thank you,

Alex.
Received on Wed Mar 20 2013 - 17:45:42 MDT

This archive was generated by hypermail 2.2.0 : Thu Mar 21 2013 - 12:00:04 MDT