[squid-users] 2 way SSL on a non standard SSL Port

Antony Stone Antony.Stone at squid.open.source.it
Mon Nov 30 17:59:24 UTC 2015


On Monday 30 November 2015 at 18:53:54, Bart Spedden wrote:

> I can successfully connect as long as I don't use squid for either 1 way or
> 2 way TLS connections. I've also successfully connected via curl. So, I feel
> like the site's certs are working well. I could be totally off base here
> but my interpretation of the 503 (service unavailable) is that squid is
> timing out on tls handshake? But what is weird is that when using squid I
> can successfully connect to google using https. So, that is what makes me
> wonder if it has something to do with the non-standard https port?

If it's a timeout, you should be able to see this with a standard wireshark / 
tcpdump packet capture (no SSL inspection necessary) on your external-facing 
router (or anywhere else which is a common path both when going direct from 
the client, and via Squid).

Comparing the two (even though you can't decode the content of the packets) 
may well give a clue as to what's going on differently between the two types of 
connection.


Antony.

-- 
Users don't know what they want until they see what they get.

                                                   Please reply to the list;
                                                         please *don't* CC me.
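
The comparison suggested above needs only TCP headers, so it can be scripted. The following is an added example, not part of the original message or of Squid: it summarises a classic little-endian pcap with Ethernet framing by handshake flags, bytes per direction, longest silence and how the connection ended. Port 8443 and both captures are constructed for illustration; the "via Squid" one is built to show what a stall would look like, not what was observed.

```python
import struct

def records(pcap):
    """Yield (timestamp_us, frame) from a classic little-endian pcap byte string."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a classic little-endian pcap")
    off = 24                                        # skip the global header
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        yield sec * 1_000_000 + usec, pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(pcap, port):
    """Describe the TCP exchange with server `port` from headers alone."""
    s = {"syn": 0, "synack": 0, "to_server": 0, "from_server": 0, "end": "none"}
    times = []
    for ts, f in records(pcap):
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                                # keep Ethernet/IPv4/TCP only
        tcp = 14 + (f[14] & 0x0F) * 4               # frame offset of the TCP header
        sport, dport = struct.unpack_from("!HH", f, tcp)
        if port not in (sport, dport):
            continue
        flags = f[tcp + 13]
        # end of IP datagram, minus start of TCP, minus TCP header length
        payload = 14 + struct.unpack_from("!H", f, 16)[0] - tcp - (f[tcp + 12] >> 4) * 4
        if flags & 0x02:                            # SYN, or SYN+ACK from the server
            s["synack" if flags & 0x10 else "syn"] += 1
        s["to_server" if dport == port else "from_server"] += payload
        times.append(ts)
        if flags & 0x05 and s["end"] != "rst":      # FIN or RST; RST takes precedence
            s["end"] = "rst" if flags & 0x04 else "fin"
    s["max_gap_s"] = max((b - a for a, b in zip(times, times[1:])), default=0) / 1e6
    return s

def capture(events):
    """Build a constructed pcap from (ms, sport, dport, tcp_flags, payload_len)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ms, sp, dp, fl, n in events:
        tcp = struct.pack("!HHIIBBHHH", sp, dp, 0, 0, 0x50, fl, 0, 0, 0) + bytes(n)
        ip = struct.pack("!BBHHHBBH8x", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0)
        eth = bytes(12) + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", ms // 1000, ms % 1000 * 1000, len(eth), len(eth)) + eth
    return out

P = 8443  # hypothetical non-standard HTTPS port (assumption, not from the thread)
DIRECT = capture([(0, 40000, P, 0x02, 0), (20, P, 40000, 0x12, 0), (21, 40000, P, 0x10, 0),
                  (22, 40000, P, 0x18, 200), (60, P, 40000, 0x18, 1400), (90, 40000, P, 0x11, 0)])
VIA_SQUID = capture([(0, 41000, P, 0x02, 0), (20, P, 41000, 0x12, 0), (21, 41000, P, 0x10, 0),
                     (22, 41000, P, 0x18, 200), (60022, 41000, P, 0x11, 0)])
```

In the constructed pair, `summarize(DIRECT, P)` shows data flowing both ways within milliseconds, while `summarize(VIA_SQUID, P)` shows a completed TCP handshake, 200 bytes sent, nothing returned, and a 60 second silence before the close.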

