[squid-users] https quick question

snakeeyes ahmed.zaeem at netstream.ps
Sat May 23 03:33:20 UTC 2015


Sorry amos ,  what shoud I modify squid.conf ?

As I told u all I added is I  installed the tool
yum -y install crypto-utils 


And generated private and public keys
genkey -days 365  xxx

then 

And added to squid.conf
https_port xxx:443 accel cert=/etc/pki/tls/certs/xxx.crt key=/etc/pki/tls/private/xxx vhost




still has same error !!

I tried from different browser and different pc and same thing !
? any help 

-----Original Message-----
From: Amos Jeffries [mailto:squid3 at treenet.co.nz] 
Sent: Thursday, May 21, 2015 8:23 PM
To: snakeeyes
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] https quick question

On 22/05/2015 3:22 p.m., snakeeyes wrote:
> clientNegotiateSSL: Error negotiating SSL connection on FD 36: 
> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request 
> (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 45: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 36: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 45: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 54: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 2015/05/21 20:20:17| clientNegotiateSSL: Error negotiating SSL 
> connection on FD 29: error:1407609C:SSL 
> routines:SSL23_GET_CLIENT_HELLO:http request (1/-1)
> 

IIRC, that is OpenSSL library complaining that you passed it un-encrypted HTTP message syntax (port 80 or 3128).

HTTP (port 80) to an http_port

HTTPS (port 443) to an https_port

FTP (port 21) to an ftp_port

... the hint is in the *_port naming.

Amos



More information about the squid-users mailing list