* Henrik NordstrÃm <henrik@xxxxxxxxxxxxxxxxxxx>: > fre 2011-01-21 klockan 11:31 +0100 skrev Ralf Hildebrandt: > > > >1294685115.286 0 10.43.120.109 NONE/501 4145 POST https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- text/html > > > > So, I enabled SSL using --enable-ssl and now I'm getting: > > > > 1295605546.943 313 141.42.231.227 TCP_MISS/503 4251 GET https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_DIRECT/194.151.178.174 text/html > > and the error output consists of the ERR_SECURE_CONNECT_FAIL error message > > In both cases Squid received an https:// request unencrypted over plain > HTTP. Yes > In the first case, as your Squid did not have SSL support if could not > forward the request at all, as it can not wrap the unencrypted request > in SSL/TLS for forwardning to the requested server. Yup, correct. The default in debian/Ubuntu is to build without --enable-ssl > In the section case Squid and the server did not agree on the SSL > protocol. I wonder what went wrong in that case. > If using this http->https gatewaying capability then you should > configure Squid to not use SSLv2. SSLv2 is considered broken beyond > repair these days. See sslproxy_options for how to tune this in Squid. I did that, disabled v2 but it wouldn't work anyway. But in the meantime they fixed their broken app :) -- Ralf Hildebrandt GeschÃftsbereich IT | Abteilung Netzwerk Charità - UniversitÃtsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@xxxxxxxxxx | http://www.charite.de
