FYI to the list: I had commented out the never_direct allow all config parameter. Uncommenting this solved my problem. Sigh. =) -J On Wed, Oct 6, 2010 at 2:00 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 04/10/10 20:24, Jake Hawkes wrote: >> >> Can anyone help me with this? >> Am I missing something obvious? >> >> On Thu, Sep 30, 2010 at 11:09 AM, Jake Hawkes<jakehawkes@xxxxxxxxxxxx> >> wrote: >>> >>> Hello, >>> >>> I am running Squid 2.7.STABLE8 on Windows XP. I am primarily doing > > <snip> >>> >>> It all falls down with HTTPS however. >>> >>> I honestly can't remember if this has ever worked, (I seem to think it >>> did) but now I am completely stumped. >>> I have checked the windows firewall, and it is off. >>> I have downloaded the SSL package from acme, and there is no >>> difference in the behaviour. > > K. Thats the build you need to be using. > >>> >>> The SSL connections from the browser timeout. Chome reports "Waiting >>> for proxy tunnel" in the status bar, and then fails with this error: >>> Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED): Unknown error. > > The network underneath squid is blocking the port 443 connections. > > Browser gets the Squid fine, Squid locates the destination okay and starts > connecting, then that TCP error #111. > > Apparently this is an error produced by the GSE (google web server). Though > I have no way to verify that claim. > > <snip> >>> >>> 30/Sep/2010:10:43:46,127.0.0.1, mail.google.com:443, TCP_MISS/000, 0 >>> > 30/Sep/2010:10:48:01,127.0.0.1, www.dropbox.com:443, TCP_MISS/504, 0 >>> > > > The 000 indicates Squid tried to fetch but got no data back except a forced > close packet from the remote end. > The second is the same with a Squid timeout being reached instead of a > forced-close packet. > > Some educated guesses would be > SSL version(s) built into Squid are not supported by the remote end (you > are screwed). > Network troubles going through some device to port 443 (test with a > non-proxied connection attempt). > TCP window scaling, ECN, or PMTU issues (test with tcp ping packets of > various sizes and see if any sizes cause hanging). > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.8 > Beta testers wanted for 3.2.0.2 > -- ---- jakehawkes@xxxxxxxxxxxx +34 670 683 799
