Re: [squid-users] Re: SSLBump, help to configure for 3.1.0.16

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 23 Feb 2010 10:59:09 +1300

On Mon, 22 Feb 2010 15:48:57 -0600, Andres Salazar <ndrsslzr80_at_gmail.com>
wrote:
> Just confirming. You are telling me that I cannot configure a browser
> with a proxy while at the same time squid is configured to SSLBump the
> https requests?
>
> Please confirm.. without proper docs this can get confusing. Thanks.
>
> Andres

Yes AND no.

 *https_port* (note the 's') cannot be bumped and configured.

 *http_port* (note the lack of 's') MUST be configured to be bumped.

Amos

>
> On Thu, Feb 18, 2010 at 2:38 AM, Henrik Nordstrom
> <henrik_at_henriknordstrom.net> wrote:
>> Wed 2010-02-17 at 22:40 -0700, Alex Rousskov wrote:
>>> On 02/16/2010 12:54 PM, Andres Salazar wrote:
>>> > Hello,
>>> >
>>> > I am still having issues with SSLBump .. apparently I am now getting
>>> > this error when I visit an https site with my browser explicitly
>>> > configured to use the https_port.
>>> >
>>> > 2010/02/16 14:31:14| clientNegotiateSSL: Error negotiating SSL
>>> > connection on FD 8: error:1407609B:SSL
>>> > routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)
>>
>> This error is seen if a browser is configured to use a Squid https_port
>> as HTTP proxy port for secure (SSL/TLS) connections. To be exact it's
>> from the OpenSSL library where the library barfs at receiving an HTTP
>> CONNECT request where an SSL/TLS handshake was expected.
>>
>> For explicit proxy configuration the browser must be configured to use a
>> Squid http_port.
>>
>> Regards
>> Henrik
>>
>>
Received on Mon Feb 22 2010 - 22:08:06 MST
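
The mismatch Henrik describes, as an added example that is not part of the original thread or of Squid's code: it classifies the first bytes a client sends to a listening port and reports whether they fit the directive that port was configured with. The function names, sample bytes and host name are constructed for illustration.

```python
# Added illustration: what arrives first on a proxy port, and does it match
# the Squid directive (http_port or https_port) the port was configured with?
TLS_HANDSHAKE = 0x16  # TLS record content type "handshake"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

# Constructed samples: a browser's explicit-proxy request and a ClientHello prefix.
CONNECT_SAMPLE = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                  b"Host: www.example.com:443\r\n\r\n")
TLS_SAMPLE = bytes([0x16, 0x03, 0x01, 0x00, 0xC8, 0x01])


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'connect', 'http' or 'unknown'."""
    if len(data) >= 3 and data[0] == TLS_HANDSHAKE and data[1] == 0x03:
        return "tls"      # SSLv3/TLS record header: type 0x16, major version 3
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2"    # SSLv2-compatible ClientHello: length MSB set, msg type 1
    if data.startswith(b"CONNECT "):
        return "connect"  # plaintext tunnel request from an explicitly configured browser
    if data.startswith(HTTP_METHODS):
        return "http"
    return "unknown"


def diagnose(port_directive: str, data: bytes) -> str:
    """Compare the observed first bytes with what the port directive expects."""
    kind = classify_first_bytes(data)
    if port_directive == "https_port":
        if kind in ("tls", "sslv2"):
            return "ok: TLS handshake on https_port"
        if kind == "connect":
            return ("mismatch: browser is using https_port as its proxy port; "
                    "point it at an http_port")
        return "mismatch: %s data where a TLS handshake was expected" % kind
    if port_directive == "http_port":
        if kind == "connect":
            return "ok: CONNECT on http_port (the request SSLBump acts on)"
        if kind == "http":
            return "ok: plain HTTP request on http_port"
        return "mismatch: %s data where an HTTP request was expected" % kind
    raise ValueError("port_directive must be 'http_port' or 'https_port'")


if __name__ == "__main__":
    for directive in ("https_port", "http_port"):
        print(directive, "<- CONNECT:", diagnose(directive, CONNECT_SAMPLE))
        print(directive, "<- TLS    :", diagnose(directive, TLS_SAMPLE))
```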
