On 10/18/22 04:55, LEMRAZZEQ, Wadie wrote:
I have a problem only with web browsers (Firefox, Chromium), and I do specify to use https proxy in the browser proxy config. But if I use curl, it works.
ERROR: failure while accepting a TLS connection on conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1: connection: conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1 Error.cc(22) update: recent: ERR_SECURE_ACCEPT_FAIL/SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=1408F09B+TLS_IO_ERR=1
According to "openssl errstr", that OpenSSL error is: error:1408F09B:SSL routines:ssl3_get_record:https proxy request
Most likely, the client is sending a plain text CONNECT request before encrypting the TLS connection to the HTTPS proxy. In other words, the client thinks it is talking to an HTTP proxy while you want it to think that it is talking to an HTTPS proxy. For example,

* HTTP proxy: curl -x http://172.17.0.2:3128/ ... https://example.com
* HTTPS proxy: curl -x https://172.17.0.2:3129/ ... https://example.com

Yes indeed, requesting with curl works, unlike the web browsers.
As far as I can tell based on the information you have provided, your browser is not doing what you want it to do. I can only speculate that the browser is misconfigured.
You can confirm what the browser is doing by looking at browser-Squid packets using wireshark or a similar tool. If you see an HTTP CONNECT request sent to Squid over a plain text TCP connection, then your browser is _not_ configured to use an HTTPS proxy (or is buggy). The browser should be opening a TCP connection and then initiating a TLS handshake.
HTH,

Alex.
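The check described in the reply above (plain text CONNECT versus a TLS handshake as the first bytes on the connection) can also be done without a packet capture. This is an added example, not part of the original thread or of Squid; the function names, the spare port 3130 and the sample payloads are assumptions made for illustration.

```python
"""Classify the first bytes a client sends to a proxy port (added example)."""
import socket

# Plain text HTTP methods a client sends when it believes it talks to an HTTP proxy.
HTTP_METHODS = (b"CONNECT ", b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls-client-hello', 'plaintext-connect', 'plaintext-http' or 'unknown'."""
    # TLS record header: type 0x16 (handshake), version 0x03xx, 2-byte length,
    # then handshake type 0x01 (ClientHello) as the sixth byte.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(b"CONNECT "):
        return "plaintext-connect"
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"
    return "unknown"


def probe_once(host: str = "127.0.0.1", port: int = 3130, timeout: float = 10.0) -> str:
    """Accept one connection on a spare port (assumed 3130) and classify it.

    Point the browser's HTTPS proxy setting at this port for one request.
    """
    with socket.create_server((host, port)) as srv:
        srv.settimeout(timeout)
        conn, _ = srv.accept()
        with conn:
            conn.settimeout(timeout)
            return classify_first_bytes(conn.recv(16))


# Constructed samples: the start of a TLS ClientHello record and a plain CONNECT.
SAMPLE_TLS = bytes.fromhex("16030102000100")
SAMPLE_CONNECT = b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"

if __name__ == "__main__":
    print(classify_first_bytes(SAMPLE_TLS))
    print(classify_first_bytes(SAMPLE_CONNECT))
```

A result of `plaintext-connect` from `probe_once()` matches the situation in the thread: the client is treating the port as an HTTP proxy, which is what produces the "https proxy request" error on Squid's TLS listener.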