Hello all, I have two squid proxies, one is a Squid 2.7 on a Ubuntu 9.4 machine located here in Switzerland. The other is ubuntu 8.04 LTS with Squid 2.6, located in the US. I'm trying to do the following: Certain requests for servers in the US need to go out of the US proxy. The connection between the local and the US proxy needs to be secure. So I did the following: - Recompiled squid from the source .deb on both machines so ssl works. - Configured the US proxy squid server to accept https request. - Configured the Switzerland proxy to forward certain requests to the US. This worked before I enabled https on both sides of the link. But without https the password that the local proxy uses to authenticate to the remote proxy gets send in the clear, which I don't want. Therefore I configured ssl. With ssl enabled it only works when I request http pages. However, when I try https I see how the local proxy performs a "CONNECT" on the parent proxy in the US, but the US proxy throws an error. In the local proxy log file I see the following: 1270305276.757 149 192.168.1.185 TCP_MISS/000 375 CONNECT www.somesite.com:443 - FIRST_UP_PARENT/us.mydomain.net - So the local proxy does know that to get https://www.somesite.com it needs to pass via my US proxy, and so it attempts a "CONNECT" there. On the US proxy I notice this in the log: 2010/04/03 14:34:36| clientNegotiateSSL: Error negotiating SSL connection on FD 17: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1) What is actually going on here? Is maybe my local proxy attempting to do the "CONNECT" over a plain http on the https port? Thanks in advance for any hints. -- krist.vanbesien@xxxxxxxxx krist@xxxxxxxxxxxxx Bremgarten b. Bern, Switzerland -- A: It reverses the normal flow of conversation. Q: What's wrong with top-posting? A: Top-posting. Q: What's the biggest scourge on plain text email discussions?
