Re: secure and ssl again

From: Glen Blundell <gmb@dont-contact.us>
Date: Fri, 11 Aug 2000 09:50:29 +1100

I have had similar problems in the past where we talk directly to a
Netscpae proxy .. I found that Netscape would work correctly, as would
IE4, but anything above IE5.x wouldnt...

After doing some analysis we found that Ie5 was sending two extra lines
of headers when doing ssl... a content length 0 and another one which
escapes me at the moment...

the odd solution was that by simply no longer sending 1 line of the
header, it would work (didnt matter which line you picked -unless it was
an important one)

In the end i added the following to my squid.conf and now Ie 5 works
with SSL (these lines come from the documentation for anonymising
headers)

anonymize_headers deny From Referer Server
anonymize_headers deny User-Agent WWW-Authenticate Link

Henrik Nordstrom wrote:
>
> Stefan Bochnig wrote:
>
> > the problem i talked about
> > (http://www.squid-cache.org/mail-archive/squid-users/200008/0176.html) is
> > definetely no browser problem.
> > ie5.5 works correctly with sslv3 connections. maybe anyone has an idea.
> > thanx
>
> I seem to remember some problems with SSL in IE 4.? browsers when behind
> proxies. I don't remember what it was, or if it even got fixed.. was
> never given any priority as it only showed up on some sites, and
> regardless if Squid or NetCache was used as proxy..
>
> It is quite unlikely that SSL problems are proxy problems. Proxies does
> not touch SSL traffic at all, they only establish a full duplex
> connection to the origin server and hands this off to the client. If
> there is a bug in the proxy, then this affects all SSL traffic,
> regardless of browser or SSL version.
>
> --
> Henrik Nordstrom
> Squid hacker
Received on Thu Aug 10 2000 - 16:55:49 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:49 MST