On tor, 2008-05-15 at 19:16 +0300, Jancs wrote: > didn't got: > > i am on my machine trying to contact https://sourceforge.net/my/, my > browser contacts "slave" cache, which in it's order connects to parent > cache using ssl and parent is supposed to connect to the site I want. > In no place use of http_port is intended Ok, that explains it, assuming these SSL messages is from the parent and not the proxy closest to the clients... There is a bug in Squid where it can not forward CONNECT requests properly to ssl enabled peers. On forwarded CONNECT requests it forgets to set up the SSL wrapper on the connection. It only "randomly" works if there happened to be a existing idle persistent connection to the same peer that could be reused for the CONNECT request. This bug only manifests itself on CONNECT requests. A workaround is to forward CONNECT requests over http as usual instead of wrapping them in yet another ssl layer. Another workaround if you really MUST wrap the CONNECT requests in SSL between the proxy servers is to offload the SSL wrapper from Squid by using stunnel. Or the better solution is to fix Squid to behave proper and establis the SSL wrapper on CONNECT requests forwarded to ssl peers just as it does in normal forwarded http requests... Regards Henrik
