[squid-users] Squid to listen to HTTPS

Alex Rousskov rousskov at measurement-factory.com
Mon May 15 17:33:59 UTC 2017


On 05/14/2017 03:49 PM, avi_h wrote:

> I'm trying to get squid to listen to HTTPS in order to encrypt the traffic
> between the proxy and the user.

> https_port 3129 cert=/etc/squid/certificate.pem key=/etc/squid/privatekey.pem


> However, when I try to connect from the browser using port 3129 I get a
> connection refused.
> When running squid in debug mode I got the following in cache.log:
> 
> 2017/05/14 21:10:19.854 kid1| 83,2| client_side.cc(3743) Squid_SSL_accept:
> Error negotiating SSL connection on FD 7: error:00000005:lib(0):func(0):DH
> lib


FYI: The "connection refused" browser error does not seem to match
"Error negotiating SSL connection" Squid error, but perhaps it is just
your browser being a little misleading.


> Please help me understand the reason.

You have configured Squid to be an HTTPS proxy.

Did you configure your browser to use an HTTP proxy instead of an HTTPS
proxy? Some browsers support HTTPS proxies, but it is tricky to enable
that support so I have to ask. HTTP proxies expect plain HTTP requests.
HTTPS proxies expect encrypted HTTP requests.

If you are still having trouble, it may be useful to attach
browser-Squid packet capture when reproducing the problem with
http://www.example.com/ or a similar "trivial" site.

Alex.
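
Added example, not part of the original e-mail or of Squid: one way to read the packet capture requested above is to look at the first payload bytes the browser sends to port 3129 and check whether they are a TLS ClientHello (what an https_port expects) or a plain HTTP request line (what an http_port expects). The function names and the sample payloads are constructed for illustration.

```python
import re

# Plain HTTP request line, as an HTTP proxy expects it from the client.
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r?\n")

# What each Squid listening directive expects as the first client bytes.
EXPECTED = {"http_port": "plain-http", "https_port": "tls-client-hello"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client payload bytes of a TCP connection."""
    # TLS record header: content type (1), version (2), length (2).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        # Handshake record of legal size whose first message is ClientHello (1).
        if 0 < record_len <= 16384 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-other"
    if HTTP_REQUEST_LINE.match(data):
        return "plain-http"
    return "unknown"


def diagnose(port_kind: str, data: bytes) -> str:
    """Compare what the client sent with what the Squid port type expects."""
    seen = classify_first_bytes(data)
    if seen == EXPECTED[port_kind]:
        return "match"
    return f"mismatch: {port_kind} expects {EXPECTED[port_kind]}, client sent {seen}"


# Constructed samples (not taken from the poster's capture).
PLAIN_GET = b"GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
PLAIN_CONNECT = b"CONNECT www.example.com:443 HTTP/1.1\r\nHost: www.example.com:443\r\n\r\n"
CLIENT_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(36)

if __name__ == "__main__":
    for name, payload in [("GET", PLAIN_GET), ("CONNECT", PLAIN_CONNECT),
                          ("ClientHello", CLIENT_HELLO)]:
        print(f"{name:12} -> {diagnose('https_port', payload)}")
```

A "mismatch" result for https_port means the browser is treating the port as an HTTP proxy, which is the misconfiguration the reply asks about.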


