[squid-users] Error negotiating SSL connection on FD 16
Amos Jeffries
squid3 at treenet.co.nz
Tue Mar 31 14:15:08 UTC 2020
On 30/03/20 11:58 am, saiyan_gc wrote:
> Hi, I am trying to set up an https proxy server, and after I followed some
> tutorial,
Which tutorial?
> created a self-signed certificate, configured the squid.conf, I also
> copied the certificate to the client host
Which certificate?
Where did you put it?
Do both curl and the aws tool use that location?
> and set up the https_proxy global
> environment variable,
How did you set it up?
Do both curl and the aws tool use that non-standard environment variable?
> I can do *curl https://www.google.com*. I saw
> "172.16.0.16 TCP_TUNNEL/200 16567 CONNECT www.google.com:443 abc
> HIER_DIRECT/216.58.193.68 -".
This curl request does not match the squid.conf you provided. No
authentication credentials are provided, yet username "abc" is being logged.
>
> But I am trying to use my aws cli with "aws s3 ls", the access log will
> throw "172.16.0.16 NONE/000 0 NONE error:transaction-end-before-headers -
> HIER_NONE/ - -".
The TCP connection from client closed before any HTTP was received.
>
> And it throws "Error negotiating SSL connection on FD 16" in cache.log
>
TLS handshake failure is likely why the TCP connection closed.
Find out what failure is happening.
>
> Here is my config file:
>
> https_port 3130 cert=/etc/squid/ssl_cert/example.com.cert \
> key=/etc/squid/ssl_cert/example.com.private
> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
> auth_param basic children 5 startup=0 idle=1
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> acl ncsa_users proxy_auth REQUIRED
> http_access deny !ncsa_users
> http_access allow all
>
>
Amos
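
A triage sketch for access.log entries like the two quoted in this thread, added here as an example and not part of the original message or of Squid itself. It assumes the field order shown in the quoted lines; the function names and the "per-tool" versus "host-wide" labels are hypothetical, and the reading that mixed results on one host point at per-tool proxy or certificate settings is a heuristic.

```python
from collections import defaultdict

# The two access.log lines quoted in the thread (that log format has no timestamp).
SAMPLE_LOG = """\
172.16.0.16 TCP_TUNNEL/200 16567 CONNECT www.google.com:443 abc HIER_DIRECT/216.58.193.68 -
172.16.0.16 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/ - -
"""

def parse_line(line):
    """Return the leading fields of one log line, or None if it does not fit."""
    tok = line.split()
    if len(tok) < 6 or "/" not in tok[1]:
        return None
    result, _, status = tok[1].partition("/")
    return {"client": tok[0], "result": result, "status": status,
            "method": tok[3], "url": tok[4], "user": tok[5]}

def is_pre_http_close(entry):
    """True when the client connection ended before any HTTP request arrived."""
    return (entry["result"] == "NONE" and entry["status"] == "000"
            and entry["url"] == "error:transaction-end-before-headers")

def triage(log_text):
    """Per client: completed CONNECT tunnels, pre-HTTP closes, logged usernames."""
    stats = defaultdict(lambda: {"tunnels": 0, "pre_http_closes": 0, "users": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        s = stats[entry["client"]]
        if is_pre_http_close(entry):
            s["pre_http_closes"] += 1
        elif entry["result"] == "TCP_TUNNEL" and entry["status"] == "200":
            s["tunnels"] += 1
            if entry["user"] != "-":
                s["users"].add(entry["user"])
    return dict(stats)

def findings(log_text):
    """Heuristic (assumption): mixed results on one host point at per-tool settings."""
    out = []
    for client, s in sorted(triage(log_text).items()):
        if s["pre_http_closes"]:
            scope = "per-tool" if s["tunnels"] else "host-wide"
            out.append((client, scope, s["pre_http_closes"]))
    return out

if __name__ == "__main__":
    for client, scope, count in findings(SAMPLE_LOG):
        print(f"{client}: {count} pre-HTTP close(s), {scope}; look up the TLS error in cache.log")
```

Each pre-HTTP close counted here should have a matching "Error negotiating SSL connection" entry in cache.log, which is where the actual handshake failure reason is recorded.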