Re: [squid-users] ssl_error_rx_record_too_long on Version 2.7.STABLE6

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 05 Jul 2009 17:48:07 +1200

florian wrote:
> Hello.
>
> I've just set up a Squid transparent proxy.
> Everything works fine except for https.
>

HTTP port 80 can be intercepted. Or other known plain HTTP port if you
are very certain of them.

HTTPS is encrypted. Thats what the 'S' means (Secure over SSL).

You _cannot_ intercept an encrypted transaction and expect a plain-text
HTTP processor to handle it.

> When trying to access a ssl site, I got this error :
>
> SSL received a record that exceeded the maximum permissible length.
> (Error code: ssl_error_rx_record_too_long)
> The page you are trying to view can not be shown because the
> authenticity of the received data could not be verified.
>
> cache.log gives me this error :
> 2009/07/03 12:19:13| parseHttpRequest: Unsupported method ''
> 2009/07/03 12:19:13| clientTryParseRequest: FD 21
> (192.168.12.50:49347) Invalid Request
>
> I put my config in attachement.
>
> Thanks a lot for any help !
>

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE16
   Current Beta Squid 3.1.0.9
Received on Sun Jul 05 2009 - 05:48:13 MDT

This archive was generated by hypermail 2.2.0 : Sun Jul 05 2009 - 12:00:02 MDT