On Mon, 22 Feb 2010 15:48:57 -0600, Andres Salazar <ndrsslzr80@xxxxxxxxx> wrote: > Just confirming. You are telling me that I cannot configure a browser > with a proxy while at the same time squid is configured to SSLBump the > https requests? > > Please confirm.. without proper docs this can get confusing. Thanks. > > Andres Yes AND no. *https_port* (note the 's') cannot be bumped and configured. *http_port* (note the lack of 's') MUST be configured to be bumped. Amos > > On Thu, Feb 18, 2010 at 2:38 AM, Henrik Nordstrom > <henrik@xxxxxxxxxxxxxxxxxxx> wrote: >> ons 2010-02-17 klockan 22:40 -0700 skrev Alex Rousskov: >>> On 02/16/2010 12:54 PM, Andres Salazar wrote: >>> > Hello, >>> > >>> > Iam still having issues with SSLBump .. apparently iam now getting >>> > this error when I visit an https site with my browser explicity >>> > configured to use the https_port . >>> > >>> > 2010/02/16 14:31:14| clientNegotiateSSL: Error negotiating SSL >>> > connection on FD 8: error:1407609B:SSL >>> > routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1) >> >> This error is seen if a browser is configured to use a Squid https_port >> as HTTP proxy port for secure (SSL/TLS) connections. To be exact it's >> from the OpenSSL library where the library barfs at receiving an HTTP >> CONNECT request where an SSL/TLS handshake was expected. >> >> For explicit proxy configuration the browser must be configured to use a >> Squid http_port. >> >> Regards >> Henrik >> >>
