Janis wrote:
Quoting Chris Robertson <crobertson@xxxxxxx>:
So the child Squid is trying to negotiate an SSL connection with a port
on the Parent that's not set up to accept it. See
http://www.squid-cache.org/Versions/v3/3.0/cfgman/https_port.html for
the proper directive to terminate an SSL connection.
so, on the parent should be the line(s?):
http_port IP:PORT1
for non-ssl connections and
https_port IP:PORT2 cert=self_s_cert.pem key=key.pem
sslflags="NO_DEFAULT_CA NO_SESSION_REUSE"
for ssl connections
That looks reasonable to me.
and on secondary proxy - as was written before?
Just be sure on the secondary proxy to set the cache_peer line to use
PORT2 on the peer if you want to use SSL connections. Also be aware
that if you try to use two ports on the same peer, you are going to have
to use the "name" directive on each cache_peer line like...
cache_peer parent.my.domain parent 3128 3130 proxy-only name=port-3128
cache_peer parent.my.domain parent 3129 3130 proxy-only ssl
sslcert=[blah, blah] name=port-3129
Janis
Chris
