[squid-users] Error negotiating SSL connection on FD 16

Amos Jeffries squid3 at treenet.co.nz
Tue Mar 31 14:15:08 UTC 2020

On 30/03/20 11:58 am, saiyan_gc wrote:
> Hi, I am trying to setup a https proxy server, and after I followed some
> tutorial, 

Which tutorial?

> created self signed certificate, configure the squid.conf, I also
> copied the certificate to the client host 

Which certificate?
 Where did you put it?
 Do both curl and the aws tool use that location?

> and setup the https_proxy global
> environment variable,

How did you set it up?

Do both curl and the aws tool use that non-standard environment variable?

> I can do *curl https://www.google.com*. I saw
> " TCP_TUNNEL/200 16567 CONNECT www.google.com:443 abc

This curl request does not match the squid.conf you provided. No
authentication credentials are provided, yet username "abc" is being logged.

> But I am trying to use my aws cli with "aws s3 ls", the access log will
> throw " NONE/000 0 NONE error:transaction-end-before-headers -
> HIER_NONE/ - -". 

The TCP connection from client closed before any HTTP was received.

> And it throw "Error negotiating SSL connection on FD 16" in cahe.log

TLS handshake failure is likely why the TCP connection closed.

 Find out what failure is happening.

> Here is my config file:
> *https_port 3130 cert=/etc/squid/ssl_cert/example.com.cert \
>     key=/etc/squid/ssl_cert/example.com.private  
> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
> auth_param basic children 5 startup=0 idle=1
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> acl ncsa_users proxy_auth REQUIRED
> http_access deny !ncsa_users
> http_access allow all*


More information about the squid-users mailing list