Dear squid developers and users,
after upgrading our squid 2.7 setup to squid 3.3.8 we experience
problems with a custom Java applet connecting to a HTTPS server.
Both squid 2.7 and squid 3.3.8 are installed on the same machine and use
the same configuration except the 'http_port' directive. (squid 3.3.8
uses a copy of the squid 2.7 config file with configuration options
adapted to the new squid 3.x syntax where necessary).
With squid 2.7 *all* HTTP CONNECT requests from the applet (the applet
issues a bunch of HTTPS requests to a single server) work just fine.
With squid 3.3.8 however, the applet issues a couple of HTTPS requests
and then hangs. Switching the Java proxy settings to the squid 2.7 port
and starting the applet again solves the problem.
The only apparent difference between squid 2.7 and squid 3.3.8 from
clients perspective seems to be HTTP/1.0 vs. HTTP/1.1 in the proxy requests:
connect using squid 2.7:
CONNECT some.host.name:443 HTTP/1.1
User-Agent: Java/1.7.0_17
Host: some.host.name
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
HTTP/1.0 200 Connection established
connect using squid 3.3.8:
CONNECT some.host.name:443 HTTP/1.1
User-Agent: Java/1.7.0_17
Host: some.host.name
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Proxy-Connection: keep-alive
HTTP/1.1 200 Connection established
Looking at the packet dumps taken from the client and internet facing
NICs on the proxy there are no (at least according to my limited
knowledge) apparent errors.
So my question would be if there were any changes between the listed
squid versions in handling HTTP CONNECT requests that might cause the
above mentioned issue.
Of course I will supply the packet dumps and complete configuration if
needed.
squid 2.7 -v:
Squid Cache: Version 2.7.STABLE7
configure options: '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--sysconfdir=/etc/squid' '--localstatedir=/var/spool/squid'
'--datadir=/usr/share/squid' '--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
'--enable-arp-acl' '--enable-epoll' '--enable-removal-policies=lru,heap'
'--enable-snmp' '--enable-delay-pools' '--enable-htcp'
'--enable-cache-digests' '--enable-underscores' '--enable-referer-log'
'--enable-useragent-log' '--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
'--enable-follow-x-forwarded-for' '--with-large-files'
'--with-maxfd=65536' 'i386-debian-linux' 'build_alias=i386-debian-linux'
'host_alias=i386-debian-linux' 'target_alias=i386-debian-linux'
'CFLAGS=-Wall -g -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
squid 3.3.8 -v:
Squid Cache: Version 3.3.8
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' '--srcdir=.' '--datadir=/usr/share/squid3'
'--sysconfdir=/etc/squid3' '--mandir=/usr/share/man' '--enable-inline'
'--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-underscores' '--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,smb_lm'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group'
'--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi'
'--enable-zph-qos' '--disable-translation'
'--with-swapdir=/var/spool/squid3' '--with-logdir=/var/log/squid3'
'--with-pidfile=/var/run/squid3.pid' '--with-filedescriptors=65536'
'--with-large-files' '--with-default-user=proxy' '--enable-epoll'
'--enable-linux-netfilter' 'build_alias=i486-linux-gnu' 'CFLAGS=-g -O2
-g -Wall -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
'CXXFLAGS=-g -O2 -g -Wall -O2' --enable-ltdl-convenience
# uname -a
Linux proxymgmt02 2.6.32-47-generic-pae #109-Ubuntu SMP Tue
May 7 02:19:47 UTC 2013 i686 GNU/Linux
Best regards,
Robert
