On 19.09.2009, at 04:40, Henrik Nordstrom wrote:

> Fri 2009-09-18 17:23 +0200, Benjamin Indermühle wrote:
>
>> 2009/09/18 09:05:38| fwdNegotiateSSL: Error negotiating SSL
>>
>> I doubt that.
>> NTLM breaks during the handshake and not when starting the
>> connection.
>> The SSL connection is established.
>
> The error message says otherwise. fwdNegotiateSSL is when Squid
> negotiates the SSL over a new connection to the requested server.
>
> Regards
> Henrik
I think that is where the problem lies.
Why does Squid try to negotiate SSL over a connection which is not new
but already established?
Looking at the tcpdump shows me this.
[Squid] open TCP connection
[Squid] Client Hello (open SSL tunnel)
[Exchange] Server Hello, Certificate, Server Hello Done
[Squid] Client Key Exchange
[Exchange] Change Cipher Spec, Finished
[Squid] HTTPS GET NTLM Negotiate
[Exchange] HTTPS NTLM Challenge
[Squid] sends another Client Hello
[Exchange] terminates the TCP Connection
In my eyes the problem is that Squid resends a Client Hello into an
already negotiated SSL Tunnel.
I am guessing that somehow it must invalidate the persisting tunnel.
Maybe there is something wrong with the certificate, I don't know.
The fact is that this problem only appears during the NTLM handshake.
Basic Auth or owa over the same setup does not cause any of this
behavior.
I can just guess what the problem is.
Maybe there is some additional validation on the tunnel when Squid
wants to send the password.
Regards
Benjamin
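As an added illustration (not code from the thread or from Squid), a small Python check over the Squid-to-Exchange byte stream of such a capture: it walks the TLS record layer and flags a plaintext Client Hello that appears after the client's Change Cipher Spec, which is exactly the "second Client Hello into an already negotiated tunnel" Benjamin describes. The sample stream is constructed to mirror his tcpdump sequence; the Client Key Exchange body and the encrypted records are stubs.

```python
import struct

CONTENT_CCS, CONTENT_HANDSHAKE, CONTENT_APPDATA = 20, 22, 23
HS_CLIENT_HELLO = 1

def iter_records(data):
    """Yield (content_type, version, payload) for each TLS record-layer frame in data."""
    off = 0
    while off + 5 <= len(data):
        ctype, ver, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record at offset %d" % off)
        yield ctype, ver, payload
        off += 5 + length

def looks_like_plaintext_client_hello(payload):
    """True only if the handshake header is self-consistent (type 1, body length matching
    the record, sane version); an encrypted Finished starting with 0x01 fails these checks."""
    if len(payload) < 6 or payload[0] != HS_CLIENT_HELLO:
        return False
    body_len = int.from_bytes(payload[1:4], "big")
    return body_len == len(payload) - 4 and 0x0300 <= int.from_bytes(payload[4:6], "big") <= 0x0303

def find_client_hello_after_ccs(client_stream):
    """Indices of records carrying a plaintext ClientHello after the client's ChangeCipherSpec,
    i.e. a fresh handshake started inside an already established tunnel."""
    ccs_seen, hits = False, []
    for idx, (ctype, _ver, payload) in enumerate(iter_records(client_stream)):
        if ctype == CONTENT_CCS:
            ccs_seen = True
        elif ctype == CONTENT_HANDSHAKE and ccs_seen and looks_like_plaintext_client_hello(payload):
            hits.append(idx)
    return hits

# Constructed sample (not the real capture): Squid -> Exchange direction only.
def record(ctype, payload, ver=0x0301):
    return struct.pack("!BHH", ctype, ver, len(payload)) + payload

def handshake(hs_type, body):
    return record(CONTENT_HANDSHAKE, bytes([hs_type]) + len(body).to_bytes(3, "big") + body)

CLIENT_HELLO_BODY = b"\x03\x01" + b"\x11" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
SAMPLE_CLIENT_STREAM = (
    handshake(1, CLIENT_HELLO_BODY)                          # Client Hello (opens the tunnel)
    + handshake(16, b"\x00\x02\xaa\xbb")                     # Client Key Exchange (stub body)
    + record(CONTENT_CCS, b"\x01")                           # Change Cipher Spec
    + record(CONTENT_HANDSHAKE, b"\x01" + b"\x5a" * 39)      # encrypted Finished (opaque bytes)
    + record(CONTENT_APPDATA, b"<encrypted GET with NTLM Negotiate>")  # NTLM Negotiate request
    + handshake(1, CLIENT_HELLO_BODY)                        # the second Client Hello Benjamin sees
)
```

Feeding the client-side TCP payload of the real connection (e.g. exported from Wireshark's "Follow TCP Stream") to `find_client_hello_after_ccs` gives the record index at which Squid restarted the handshake.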