Re: [squid-users] NONE/501 in an https:// POST request

From: Henrik Nordström <henrik_at_henriknordstrom.net>
Date: Mon, 24 Jan 2011 01:38:57 +0100

fre 2011-01-21 klockan 11:31 +0100 skrev Ralf Hildebrandt:
> > >1294685115.286 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html
>
> So, I enabled SSL using --enable-ssl and now I'm getting:
>
> 1295605546.943 313 141.42.231.227 TCP_MISS/503 4251 GET https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_DIRECT/194.151.178.174 text/html
> and the error output consists of the ERR_SECURE_CONNECT_FAIL error message

In both cases Squid received an https:// request unencrypted over plain
HTTP.

In the first case, as your Squid did not have SSL support if could not
forward the request at all, as it can not wrap the unencrypted request
in SSL/TLS for forwardning to the requested server.

In the section case Squid and the server did not agree on the SSL
protocol.

If using this http->https gatewaying capability then you should
configure Squid to not use SSLv2. SSLv2 is considered broken beyond
repair these days. See sslproxy_options for how to tune this in Squid.

Regards
Henrik
Received on Mon Jan 24 2011 - 00:39:02 MST

This archive was generated by hypermail 2.2.0 : Mon Jan 24 2011 - 12:00:03 MST