> Please note that the reconstructed URL in squid-2.5 is still http:// even > if the request was acceped on an https_port. But thanks to > httpd_accel_port 0 you should be able to identify the requests in the > redirector. This I didn´t know. For that the redirection rules must be changed of course. > > 2005/06/16 09:42:03| clientNegotiateSSL: Error negotiating SSL > connection on FD 20: error:1407609C:SSL > routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) > > Likely cause: > > a) You do not have access controls limiting what may be accessed via your > reverse proxy (open proxy). > > b) The URL issue mentioned above, causing your redirector rules to not > match the requested URL. Changing the redirection rules solved the problem. After that I was fighting for quite a while with SSL3_GET_SERVER_CERTIFICATE:certificate verify failed messages (self signed certificate for testing), until I found that the sslproxy_flags DONT_VERIFY_PEER squid.conf option is needed for this to work. Thank you very much for your help. -tuukka
