Re: ssl_error_rx_record_too_long on Version 2.7.STABLE6

florian <florian@xxxxxxxxxxxx> · Sun, 05 Jul 2009 09:11:49 +0200

Hey !

Thanks for your answer.

So I guess I just can't set a transparent proxy for https right ?

No workaround ?

On Sun, 2009-07-05 at 17:48 +1200, Amos Jeffries wrote: 
> florian wrote:
> > Hello.
> > 
> > I've just set up a Squid transparent proxy.
> > Everything works fine except for https.
> > 
> 
> HTTP port 80 can be intercepted. Or other known plain HTTP port if you 
> are very certain of them.
> 
> HTTPS is encrypted. Thats what the 'S' means (Secure over SSL).
> 
> You _cannot_ intercept an encrypted transaction and expect a plain-text 
> HTTP processor to handle it.
> 
> 
> > When trying to access a ssl site, I got this error :
> > 
> >     SSL received a record that exceeded the maximum permissible length.
> >     (Error code: ssl_error_rx_record_too_long)
> >     The page you are trying to view can not be shown because the 
> > authenticity of the received data could not be verified.
> > 
> > cache.log gives me this error :
> >     2009/07/03 12:19:13| parseHttpRequest: Unsupported method ''
> >     2009/07/03 12:19:13| clientTryParseRequest: FD 21 
> > (192.168.12.50:49347) Invalid Request
> > 
> > I put my config in attachement.
> > 
> > Thanks a lot for any help !
> > 
> 
> Amos
-- 
For a moment, nothing happened. Then, after a second or so, nothing continued to happen
gpg key : 89B60489
Attachment:
signature.asc

Description: This is a digitally signed message part