Thank you guys. Iam now bumping the SSL CONNECT requests. The only problem is that iam getting various errors like this on the cache.log. 2010/02/22 17:27:40| clientNegotiateSSL: Error negotiating SSL connection on FD 8: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) 2010/02/22 17:27:40| clientNegotiateSSL: Error negotiating SSL connection on FD 8: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) What is the best way so that squid recognizes this as a known CA? Thanks Andres On Mon, Feb 22, 2010 at 3:59 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Mon, 22 Feb 2010 15:48:57 -0600, Andres Salazar <ndrsslzr80@xxxxxxxxx> > wrote: >> Just confirming. You are telling me that I cannot configure a browser >> with a proxy while at the same time squid is configured to SSLBump the >> https requests? >> >> Please confirm.. without proper docs this can get confusing. Thanks. >> >> Andres > > Yes AND no. > > *https_port* (note the 's') cannot be bumped and configured. > > *http_port* (note the lack of 's') MUST be configured to be bumped. > > > Amos > >> >> On Thu, Feb 18, 2010 at 2:38 AM, Henrik Nordstrom >> <henrik@xxxxxxxxxxxxxxxxxxx> wrote: >>> ons 2010-02-17 klockan 22:40 -0700 skrev Alex Rousskov: >>>> On 02/16/2010 12:54 PM, Andres Salazar wrote: >>>> > Hello, >>>> > >>>> > Iam still having issues with SSLBump .. apparently iam now getting >>>> > this error when I visit an https site with my browser explicity >>>> > configured to use the https_port . >>>> > >>>> > 2010/02/16 14:31:14| clientNegotiateSSL: Error negotiating SSL >>>> > connection on FD 8: error:1407609B:SSL >>>> > routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1) >>> >>> This error is seen if a browser is configured to use a Squid https_port >>> as HTTP proxy port for secure (SSL/TLS) connections. To be exact it's >>> from the OpenSSL library where the library barfs at receiving an HTTP >>> CONNECT request where an SSL/TLS handshake was expected. >>> >>> For explicit proxy configuration the browser must be configured to use > a >>> Squid http_port. >>> >>> Regards >>> Henrik >>> >>> >
