Re: [squid-users] NONE/501 in an https:// POST request

From: Ralf Hildebrandt <Ralf.Hildebrandt_at_charite.de>
Date: Fri, 21 Jan 2011 11:31:06 +0100

* Amos Jeffries <squid3_at_treenet.co.nz>:

> >1294680915.190 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294681815.209 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294682115.216 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294682715.230 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294683315.245 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294683615.251 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294684815.280 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
> >1294685115.286 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html

So, I enabled SSL using --enable-ssl and now I'm getting:

1295605546.943 313 141.42.231.227 TCP_MISS/503 4251 GET https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_DIRECT/194.151.178.174 text/html
and the error output consists of the ERR_SECURE_CONNECT_FAIL error message.

cache.log says:

2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 1539: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)
2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)
2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)

I enabled
# START
acl BrokenServersAtTrustedIP dst 194.151.178.174/32
sslproxy_cert_error allow BrokenServersAtTrustedIP
sslproxy_cert_error deny all
# END

What am I missing?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebrandt@charite.de | http://www.charite.de
	    
Received on Fri Jan 21 2011 - 10:31:29 MST
