Hello,

I'm trying to set up an encrypted communication between the browser and squid theoretically, I followed this section to implement it:
https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection

I tried to implement this on a dockerized Alpine, and a squid 5.5 with openssl module.

In squid.conf, I have:

...
http_port 3128
https_port 3129 cert=/etc/squid/crt.pem key=/etc/squid/key.pem
...

But when I request squid https port, I got this error every time, in cache.log:

...
ERROR: failure while accepting a TLS connection on conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1: 0x7fbd208f33e0*1
connection: conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1
Pipeline.cc(31) front: Pipeline 0x7fbd208f13a0 empty
Error.cc(22) update: recent: ERR_SECURE_ACCEPT_FAIL/SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=1408F09B+TLS_IO_ERR=1
...

I also tried this with squid 4.10 with gnutls module, in an Ubuntu 20.40 environment, with the same squid.conf, and I got again a TLS error:

...
client_side.cc(2597) tlsAttemptHandshake: Error negotiating TLS on local=x.x.x.x:3129 remote=x.x.x.x:50874 FD 11 flags=1: Aborted by client: An unexpected TLS packet was received.
...

I used for certificates, a self-signed one, and a generated certificate signed by our CA, for both scenarios.

Also, I tried multiple https_port options (disable some SSL implementation, manipulation of client certificates...) but without success.

Am I missing something in the squid configuration?
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
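
Added example, not part of the original post and not Squid's own code: the TLS_LIB_ERR value in the cache.log line quoted above is a packed OpenSSL error code, and this sketch splits it into library, function and reason. It assumes the OpenSSL 1.1.x layout (8-bit library, 12-bit function, 12-bit reason) and a hand-copied subset of reason codes from that release's sslerr.h; the function and variable names are illustrative.

```python
import re

ERR_LIB_SSL = 20  # OpenSSL library number for libssl

# Subset of OpenSSL 1.1.x SSL reason codes that a TLS listener reports when
# the first bytes from the client are not a valid TLS record.
SSL_REASONS = {
    155: "https proxy request",   # plaintext CONNECT arrived on a TLS port
    156: "http request",          # plaintext GET/POST/... arrived on a TLS port
    252: "unknown protocol",
    267: "wrong version number",
}
PLAINTEXT_REASONS = (155, 156)


def unpack_openssl_error(code):
    """Split an OpenSSL 1.1.x packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def explain_accept_failure(log_line):
    """Return (hex_code, reason_text, plaintext_client), or None if the
    line carries no TLS_LIB_ERR field."""
    m = re.search(r"TLS_LIB_ERR=([0-9A-Fa-f]+)", log_line)
    if not m:
        return None
    lib, _func, reason = unpack_openssl_error(int(m.group(1), 16))
    if lib != ERR_LIB_SSL:
        return m.group(1).upper(), "non-SSL library %d" % lib, False
    text = SSL_REASONS.get(reason, "reason %d" % reason)
    return m.group(1).upper(), text, reason in PLAINTEXT_REASONS


# The Error.cc line from the post, embedded so the example runs offline.
SAMPLE = ("Error.cc(22) update: recent: ERR_SECURE_ACCEPT_FAIL/"
          "SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=1408F09B+TLS_IO_ERR=1")

if __name__ == "__main__":
    print(explain_accept_failure(SAMPLE))
```

For 1408F09B the reason field decodes to 155, "https proxy request", which OpenSSL raises when the first bytes received on a TLS listener look like a plaintext CONNECT request rather than a TLS ClientHello.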