Thank you Amos,
version of squid is : squid-3.3.8-26.el7_2.4.x86_64
Is this statement true:
squid is not aware or traffic that is made with connect command ?
since connect command make a tunnel within squid ?
passing below argument to JVM:
-Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080
cause application connect to https://webcache.exammple.com
however I have not created any certificate.
May I assume squid is built with ssl enabled and both https and http proxy
being provided on one port ?
either above statement is true, or maybe Java has a bug.
Thanks for help, I will check on squidtool.
Thanks
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Sent: Monday, December 5, 2016 6:04 PM
Subject: Re: HTTPS through http proxy
On 6/12/2016 6:40 a.m., Blaxton wrote:
> Hi
>
> So I understand that using connect method https connection can pass
> through http proxy
> but I am seeing strange behavior and thought some one here might help
> me to find
> the problem we are facing.
>
> I am using simple java app to test https connectivity through http proxy:
> http://alvinalexander.com/blog/post/java/simple-https-example
>
> If we run below command agains squid running on RedHat:
> java -Dhttp.proxyHost=webcache.example.com -Dhttp.proxyPort=808
> JavaHttpsExample
> connection fails , and Squid log file won't even log any thing in log
> file.
That means you either have a very old Squid, or the transaction is not
completed yet as far as Squid is aware. Transactions only get logged on
completion, in this case when the CONNECT tunnel connection is closed by
one of the remove endpoints (client or server). It is not uncommon to
have tunnels stay open all day with HTTPS traffic going back and forward
unseen.
The recent Squid releases log failed client connections that did not
have any HTTP message received. So you can see if the failure happened
before HTTP happened.
> but if we run:
> java -Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080
> JavaHttpsExample
> I get response and a line being recorded in log file.
> And now running the same app against different squid running on Centos,
> I get response from both but nothing being logged with -Dhttp.proxyHost.
see above about logging time.
> Please help.
> If any one has any tips or any simple app to test different aspect of
> https connectivity through squid please let me know.
You can also use recent squidclient tool if it has been built with
GnuTLS support. Or curl with debug tracing. Or wireshark with packet
captures if you know how.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
