Re: https quick question

"snakeeyes" <ahmed.zaeem@xxxxxxxxxxxx> · Fri, 22 May 2015 20:33:20 -0700

Sorry amos ,  what shoud I modify squid.conf ?

As I told u all I added is I  installed the tool
yum -y install crypto-utils 

And generated private and public keys
genkey -days 365  xxx

then 

And added to squid.conf
https_port xxx:443 accel cert=/etc/pki/tls/certs/xxx.crt key=/etc/pki/tls/private/xxx vhost

still has same error !!

I tried from different browser and different pc and same thing !
? any help 

-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Thursday, May 21, 2015 8:23 PM
To: snakeeyes
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re:  https quick question

On 22/05/2015 3:22 p.m., snakeeyes wrote:
> clientNegotiateSSL: Error negotiating SSL connection on FD 36: 
> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request 
> (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 45: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 45: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 54: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 29: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 

IIRC, that is OpenSSL library complaining that you passed it un-encrypted HTTP message syntax (port 80 or 3128).

HTTP (port 80) to an http_port

HTTPS (port 443) to an https_port

FTP (port 21) to an ftp_port

... the hint is in the *_port naming.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users