Hello,
I am trying to secure ICAP connections between my Squid proxy and my ICAP server. On my ICAP server, I use stunnel with this configuration file (with a self-signed certificate):
cert = crt.pem
key = key.pem
CAfile = crt.pem
[icaps]
accept = 10.2.2.236:11344
connect = 10.2.2.236:1344
squid.conf file on the Squid proxy:
icap_enable on
icap_send_client_ip on
icap_service service_req reqmod_precache icaps://10.2.2.236:11344/request tls-cafile=crt.pem
adaptation_access service_req allow all
# to decrypt SSL traffic
http_port 3128 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 4MB
ssl_bump bump all
ssl_bump peek step1
However, I still have these errors:
WARNING: Squid got an invalid ICAP OPTIONS response from service icaps://10.2.2.236:11344/request; error: unsupported status code of OPTIONS response
2019/05/06 17:50:27 kid1| essential ICAP service is down after an options fetch failure: icaps://10.2.2.236:11344/request [down,!valid]
2019/05/06 17:53:28 kid1| WARNING: Squid got an invalid ICAP OPTIONS response from service icaps://10.2.2.236:11344/request; error: unsupported status code of OPTIONS response
2019/05/06 17:56:28 kid1| WARNING: Squid got an invalid ICAP OPTIONS response from service icaps://10.2.2.236:11344/request; error: unsupported status code of OPTIONS response
And from the ICAP server stunnel logs, the SSL initiation worked fine but it can't connect to port 1344. I ensured that non-secure ICAP works perfectly and my iptables rules are fine.
Thanks in advance for your help.
Kind regards,
Tran Dac.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
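
A probe that sends the same ICAP OPTIONS request to the plain port and through the stunnel listener, so the status line each path returns can be compared (RFC 3507 defines 200 as the successful OPTIONS reply). This is an added example, not part of the original post: the function names are hypothetical, and the addresses, ports and crt.pem are the ones quoted in the message.

```python
import socket
import ssl

def build_options(uri, host):
    """Return the bytes of a minimal ICAP OPTIONS request (RFC 3507)."""
    return f"OPTIONS {uri} ICAP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_status(raw):
    """Return (code, reason) from an ICAP response; raise ValueError otherwise.

    An empty reply (peer closed the connection) or a non-ICAP reply is an error.
    """
    line = raw.split(b"\r\n", 1)[0].decode("latin-1")
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError(f"not an ICAP status line: {line!r}")
    return int(parts[1]), (parts[2] if len(parts) > 2 else "")

def probe(host, port, uri, cafile=None, timeout=5.0):
    """Send OPTIONS to host:port (over TLS when cafile is given)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if cafile:
        # Verification stays on: the certificate must chain to cafile and
        # its subjectAltName must cover the address being connected to.
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_options(uri, host))
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:  # peer closed before a full header block arrived
                break
            raw += chunk
    return parse_status(raw)

if __name__ == "__main__":
    # Targets taken from the post: plain ICAP backend, then the stunnel port.
    targets = ((1344, "icap://10.2.2.236:1344/request", None),
               (11344, "icaps://10.2.2.236:11344/request", "crt.pem"))
    for port, uri, ca in targets:
        try:
            print(port, probe("10.2.2.236", port, uri, ca))
        except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError
            print(port, "failed:", exc)
```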