Re: HTTPS CONNECT Failing - Squid 3.3.4



On 26/04/2014 3:26 a.m., tomsl wrote:
> I have Squid 3.3.4 running on Ubuntu 12.04. For some clients, it looks like
> they cannot establish an SSL connection so I assume that HTTPS CONNECT is
> failing.

There is no such thing as HTTPS CONNECT.

There is HTTP CONNECT for clients making an HTTPS request to an
explicit/forward proxy.


> These are embedded linux devices (I think) and I cannot get any
> logs from them so I am finding it difficult to debug. I have tried many
> different options on the https_port line. 
> 
> My https_port line is currently:
> 
> https_port 443 accel cert=/root/ssl/cert.pem
> cipher=RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA
> defaultsite=mysite.mydomain.com
> 

CONNECT requests are invalid in "accel" mode traffic. And are technically
valid but unused in most https_port traffic.

So in short I very much doubt it's a CONNECT failure....


> 
> The only relevant information that I can get from the logs is:
> 
> 2014/04/25 14:57:07.598| TcpAcceptor.cc(197) doAccept: New connection on FD
> 31
> 2014/04/25 14:57:07.598| TcpAcceptor.cc(272) acceptNext: connection on
> local=[::]:443 remote=[::] FD 31 flags=9
> 2014/04/25 14:57:07.598| Eui48.cc(262) lookup: Looking up ARP address for
> 10.189.246.4 on eth0
> 2014/04/25 14:57:07.598| Eui48.cc(262) lookup: Looking up ARP address for
> 10.189.246.4 on eth1
> 2014/04/25 14:57:07.598| Eui48.cc(537) lookup: 10.189.246.4 NOT found
> -----BEGIN SSL SESSION PARAMETERS-----
> MIGLAgEBAgIDAwQCAC8EILteDsmKzo2zRpPdTooen622XmoPOJ+EuE58nSIpKQ3E
> BDBmI+cJ09OOG1hxtpjXqfv9ZjCUHAH0uaI7JJnB5DQb44Lu69fk/GpbT8mNj8fq
> yuShBgIEU1p3w6IEAgIBLKQCBACmGAQWYnN0ZXN0LnNpZ25hZ2VsaXZlLmNvbQ==
> -----END SSL SESSION PARAMETERS-----
> 2014/04/25 14:57:08.294| client_side.cc(3528) clientNegotiateSSL:
> clientNegotiateSSL: New session 0x7fb05d661640 on FD 10 (10.189.246.4:11885)
> 2014/04/25 14:57:08.294| client_side.cc(3532) clientNegotiateSSL:
> clientNegotiateSSL: FD 10 negotiated cipher AES128-SHA
> 2014/04/25 14:57:08.294| client_side.cc(3548) clientNegotiateSSL:
> clientNegotiateSSL: FD 10 has no certificate.

There you go. No certificate. Question is whether that is the client missing
a certificate or Squid (server)?

Amos
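
An added example, not part of the original posts and not Squid project code: a small Python triage helper that rejoins the mail-wrapped debug entries quoted above and groups the clientNegotiateSSL lines by FD, showing per connection which cipher was negotiated and whether the "has no certificate" line was logged. The names `unwrap`, `summarize`, `PATTERNS` and `SAMPLE` are hypothetical, and the sample is constructed from the quoted entries with the session-parameters blob replaced by a placeholder.

```python
import re

TS = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+\| ")
PATTERNS = [
    re.compile(r"New session (?P<session>0x[0-9a-f]+) on FD (?P<fd>\d+) \((?P<peer>[^)]+)\)"),
    re.compile(r"FD (?P<fd>\d+) negotiated cipher (?P<cipher>\S+)"),
    re.compile(r"FD (?P<fd>\d+) (?P<certificate>has no certificate)"),
]

# Constructed sample: entries from the thread, still mail-quoted and wrapped.
SAMPLE = """\
> 2014/04/25 14:57:07.598| TcpAcceptor.cc(197) doAccept: New connection on FD
> 31
> -----BEGIN SSL SESSION PARAMETERS-----
> (constructed placeholder for the session blob)
> -----END SSL SESSION PARAMETERS-----
> 2014/04/25 14:57:08.294| client_side.cc(3528) clientNegotiateSSL:
> clientNegotiateSSL: New session 0x7fb05d661640 on FD 10 (10.189.246.4:11885)
> 2014/04/25 14:57:08.294| client_side.cc(3532) clientNegotiateSSL:
> clientNegotiateSSL: FD 10 negotiated cipher AES128-SHA
> 2014/04/25 14:57:08.294| client_side.cc(3548) clientNegotiateSSL:
> clientNegotiateSSL: FD 10 has no certificate.
"""

def unwrap(text):
    """Strip '> ' quoting, drop session blobs, rejoin wrapped entries."""
    entries, in_blob = [], False
    for raw in text.splitlines():
        line = re.sub(r"^>\s?", "", raw).rstrip()
        if line.startswith("-----BEGIN"):
            in_blob = True
        if in_blob:
            in_blob = not line.startswith("-----END")
            continue
        if TS.match(line):
            entries.append(line)          # a new timestamped entry
        elif line and entries:
            entries[-1] += " " + line     # continuation of a wrapped entry
    return entries

def summarize(text):
    """Return {fd: fields} built from the clientNegotiateSSL entries."""
    out = {}
    for entry in unwrap(text):
        if "clientNegotiateSSL" not in entry:
            continue
        for pat in PATTERNS:
            m = pat.search(entry)
            if m:
                fields = m.groupdict()
                out.setdefault(int(fields.pop("fd")), {}).update(fields)
    return out
```

Calling `summarize(SAMPLE)` returns one record for FD 10 with the session id, peer address, negotiated cipher and the certificate line.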



