Re: [squid-users] Squid SSL transparent proxy - SSL_connect:error in SSLv2/v3 read server hello A

From: Larry Zhao <thehiddendepth_at_gmail.com>
Date: Fri, 18 Oct 2013 09:59:38 +0800

Hi, Eliezer,

Yes, my problem to solve is only to proxy to this specific host, no
other subdomains need considering.

And to be honest, I am new to this part, from what I could get from
the page you mentioned, I need to use ssl-bump? Am I right?

--
Cheers ~
Larry
On Fri, Oct 18, 2013 at 2:48 AM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> Hey,
>
> Only to this specific host or also all the subdomains etc..
> It differs a bit..
> A small look at this wiki:
> http://wiki.squid-cache.org/Features/MimicSslServerCert
>
> Will clarify some doubts and situations in which you might see some
> problems.
>
> Eliezer
>
>
> On 10/17/2013 06:44 PM, Larry Zhao wrote:
>>
>> Hi, Guys,
>>
>>
>> I am trying to set up an SSL proxy for one of my internal servers to
>> visit `https://www.googleapis.com` using Squid, to make my Rails
>> application on that server reach `googleapis.com` via the proxy.
>>
>>
>> I am new to this, so my approach is to set up an SSL transparent proxy
>> with Squid. I built `Squid 3.3` on Ubuntu 12.04, generated a pair of
>> ssl key and crt, and configured squid like this:
>>
>>
>>      http_port 443 transparent cert=/home/larry/ssl/server.csr key=/home/larry/ssl/server.key
>>
>>
>> And left almost all other configurations default. The authorization
>> of the dir that holds key/crt is `drwxrwxr-x  2 proxy proxy    4096
>> Oct 17 15:45 ssl`
>>
>>
>> Back on my dev laptop, I put `<proxy-server-ip> www.googleapis.com` in
>> my `/etc/hosts` to make the call go to my proxy server.
>>
>>
>> But when I try it in my rails application, I got:
>>
>>
>>      SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol
>>
>>
>> And I also tried with openssl in cli:
>>
>>
>>      openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1 | grep "^SSL"
>>
>>      SSL_connect:before/connect initialization
>>
>>      SSL_connect:SSLv2/v3 write client hello A
>>
>>      SSL_connect:error in SSLv2/v3 read server hello A
>>
>>      SSL_connect:error in SSLv2/v3 read server hello A
>>
>>
>>
>> What did I do wrong?
>>
>> --
>>
>> Cheers ~
>>
>> Larry
>>
>
Received on Fri Oct 18 2013 - 02:00:11 MDT
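
OpenSSL reports "unknown protocol" while reading the server hello when the first bytes it receives do not parse as a TLS record. The following is an added example, not part of the thread: a small classifier for the first bytes a listener returns after a ClientHello, useful for telling a plaintext HTTP reply from a real TLS handshake. The function name and the sample byte strings are constructed for illustration.

```python
# Added example (not from the thread): classify the first bytes a server
# sends back after a TLS ClientHello. All sample replies are constructed.
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HTTP_PREFIXES = (b"HTTP/1.", b"<!DOCTYPE", b"<html", b"<HTML")
MAX_RECORD_LEN = 2**14 + 2048  # upper bound on a TLS record payload

def classify_first_reply(data: bytes) -> str:
    """Return a short label describing what the server answered with."""
    if not data:
        return "empty: connection closed or no reply yet"
    if data.startswith(HTTP_PREFIXES):
        # A plain HTTP listener answers a ClientHello with an HTTP error.
        return "plaintext-http: listener is not speaking TLS on this port"
    if len(data) < 5:
        return "short: need at least 5 bytes for a TLS record header"
    # TLS record header: content type, version major/minor, payload length.
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and length <= MAX_RECORD_LEN):
        kind = TLS_CONTENT_TYPES[ctype]
        if kind == "handshake" and len(data) > 5 and data[5] == 2:
            return "tls-server-hello"
        if kind == "alert" and len(data) >= 7:
            level = {1: "warning", 2: "fatal"}.get(data[5], "unknown")
            return f"tls-alert: level={level} description={data[6]}"
        return f"tls-record: {kind}"
    return "unknown: not a TLS record"

# Constructed sample replies (not captured from any real server).
SAMPLE_SERVER_HELLO = bytes([22, 3, 3, 0, 4, 2, 0, 0, 0])
SAMPLE_HTTP_ERROR = b"HTTP/1.1 400 Bad Request\r\nServer: example\r\n\r\n"
SAMPLE_FATAL_ALERT = bytes([21, 3, 1, 0, 2, 2, 40])  # handshake_failure
SAMPLE_OTHER = b"SSH-2.0-example\r\n"

if __name__ == "__main__":
    for name, blob in [("server hello", SAMPLE_SERVER_HELLO),
                       ("http error", SAMPLE_HTTP_ERROR),
                       ("fatal alert", SAMPLE_FATAL_ALERT),
                       ("other", SAMPLE_OTHER)]:
        print(f"{name:13s} -> {classify_first_reply(blob)}")
```

A "plaintext-http" result for a port that clients expect to be TLS means the listener itself is answering in clear text, so the fix is on the listener's configuration rather than on the client.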