[squid-users] New squid build https not working

Amos Jeffries squid3 at treenet.co.nz
Mon Feb 15 13:17:28 UTC 2016


On 15/02/2016 11:18 a.m., Ryan Slick wrote:
> Hi Guys,
> We built a new squid server on windows, the config as far as I can see is basically the same as our existing proxy (which works fine)
> but the problem is http will work fine, https does not.
> the client browser sees the error: "err_tunnel_connection_failed" when trying to load any page with https
> and the squid logs show:https10.50.100.12 - - [15/Feb/2016:09:10:04 +1100] "CONNECT yahoo.com:443 HTTP/1.1" 0 932 TCP_MISS:DEFAULT_PARENT10.50.100.12 - - [15/Feb/2016:09:10:05 +1100] "CONNECT www.yahoo.com:443 HTTP/1.1" 0 948 TCP_MISS:DEFAULT_PARENT10.50.100.12 - - [15/Feb/2016:09:10:05 +1100] "CONNECT au.yahoo.com:443 HTTP/1.1" 0 944 TCP_MISS:DEFAULT_PARENT
> http10.50.100.12 - domain\username [15/Feb/2016:09:15:14 +1100] "GET http://www.simpleweb.org/ HTTP/1.1" 200 8345TCP_MISS:DEFAULT_PARENT
> 
> The obvious issue seems to be the missing username in the https request. Is there anywhere I can start looking for the issue?


Can you have your log show the Squid native log format please?

Proxies like Squid deal with 2 (or more) TCP connections simultaneously
per transaction.

Using a web server format which only records details about one of those
connections is not very useful. Particularly when dealing with SSL-Bump
which introduces a second transport protocol layer on each connection.

Amos



More information about the squid-users mailing list