I've been stuck on this for a few days :P... I 'thought' I had a fairly good understanding of squid + ssl_bump but not so sure. In a nutshell i am having an issue linking a second proxy server via cache_peer. we have 2 boxes. *Configuration:* 1 box, has iptables configured to send all outbound traffic to 10.0.0.1:8999 which is the second box's squid server and port(8999) 2nd box, has squid running on 8999, we have another server running on 8998. both proxy servers are using the same 'CA'. https 10.0.0.1:8999 transparent ssl-bump generate-host-certificates=on..... cache_peer 10.0.0.1:8998 8998 0 ssl default no-query no-digest sslflags=DONT_VERIFY_PEER.... use-case: wget https://facebook.com --ca-cert=/dat/sharedCa.cer , on box 1 through iptables.. 1. squid on box 2 generates and signs a certificate with CN=facebook.com for the client 2. client trusts the CA and cert. 3.we want squid to send this proxied https request to the second proxy server on :8998. this proxy server is set to generate impersonation certs as well using the same rootCAKey that squid uses... however, we keep getting "Failed to establish a secure connection, SQUID_ERR_SSL_HANDSHAKE", Handshake with SSL Server failed: error:140770FC:SSL routines SSL23_GET_SERVER_HELLO: unknown protocol" Does squid 3.5.20 support PROXY Protocol in cache_peer if you need to link a second proxy? or is my configuration messed up. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/client-iptables-squid-proxy-another-proxy-tp4682759.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
