On 2014-01-22 11:44, David Deller wrote: >>> Here's another request, this time with HTTPS: >>> $ curl --proxy https://my-proxy-server.example:3129 \ >>> --proxy-anyauth --proxy-user redacted:redacted -w '\n' \ >>> http://urlecho.appspot.com/echo?body=OK >>> curl: (56) Recv failure: Connection reset by peer >>> Nothing in `access.log` after this one, but in `cache.log`: >>> 2014/01/20 20:46:15| clientNegotiateSSL: Error negotiating SSL >>> connection on FD 10: error:1407609C:SSL >>> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1) >> >> See the serverfault response. curl is connecting to the proxy using >> plain-text instead of SSL. Official curl does not support SSL connections to HTTP proxies. Factory has an experimental curl patch adding such support, including client SSL certificate authentication IIRC. If all you need is a single SSL-to-proxy client, that will work for you (please contact me off list if interested). If you need SSL-to-proxy support in popular browsers and other clients, a single patched curl will not help, of course. > I did notice this and wondered if it might be a problem with curl > itself. So I also tried similar tests with Google Chrome and a Ruby > HTTP library called excon, both of which specifically mention support > of HTTPS proxies. I also tried a few other HTTP libraries that have > HTTP proxy support but don’t specifically mention HTTPS. Since I saw > the same failing result with all of them, I went back to trying to > troubleshoot Squid as the likely source of the problem. In many cases, "HTTPS proxy support" simply means tunneling SSL connections through HTTP proxies by sending HTTP CONNECT requests to those HTTP proxies first. That is not SSL-to-proxy mode that you are looking for. HTH, Alex.