On 08/29/2016 10:43 AM, Stanford Prescott wrote: > Is there a way to tell Squid that there may be port 443 connections that > don't use TLS/SSL so that a useful message could be generated other than > the "connection failed" message the VPN client gives? Not quite, but we are slowly getting there: Recent Squids have on_unsupported_protocol feature that is usually triggered when Squid receives a request using the wrong protocol, including receiving non-SSL bytes instead of SSL Hello. You can configure Squid to respond with an error response in that case (in fact, that is the default behavior). In theory, you can also configure Squid to customize that error response using deny_info, but see http://lists.squid-cache.org/pipermail/squid-users/2016-August/012124.html (Ideally, we should support a better way of customize error responses than denying them and using deny_info to customize denied responses!) Even if deny_info works, there is currently no way to customize an error response so that it becomes a non-HTTP response, but that (together with ACLs/code to detect common non-HTTP protocols) would be a welcomed feature IMO. Ideally, the admin should be able to tell Squid exactly what bytes to send to the client (as opaque or opaque with placeholders data) if needed. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
