<div dir="ltr">Hello,<div><br></div><div>I have a Java application that is successfully making REST calls to a 3rd-party vendor that requires 2-way SSL on port 8184 for some calls and 1-way SSL on port 8185 for other calls. However, when I start proxying the calls with Squid, all 1- and 2-way SSL calls fail. </div><div><br></div><div>I added ports 8184 and 8185 to both SSL_ports and Safe_ports via the following:</div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl SSL_ports port 8184</p><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl SSL_ports port 8185</p></div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 8184</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 8185</p></div><div><br></div><div>Here's a little config information </div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">squid -v</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">Squid Cache: Version 3.4.3</p></div><div><br clear="all"><div>Here's my full configuration:</div><div><br></div><div><p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Recommended minimum configuration:</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Example rule allowing access from your local networks.</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Adapt to list your (internal) IP networks from where browsing</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># should be allowed</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl localnet src 10.0.0.0/8<span class="" style="white-space:pre"> </span># RFC1918 possible internal network</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl localnet src 172.16.0.0/12<span class="" style="white-space:pre"> </span># RFC1918 possible internal network</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl localnet src 192.168.0.0/16<span class="" style="white-space:pre"> </span># RFC1918 possible internal network</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl localnet src fc00::/7 # RFC 4193 local private network range</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl SSL_ports port 443</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl SSL_ports port 8184</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl SSL_ports port 8185</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 80<span class="" style="white-space:pre"> </span># http</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 21<span class="" style="white-space:pre"> </span># ftp</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 443<span class="" style="white-space:pre"> </span># https</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 70<span class="" style="white-space:pre"> </span># gopher</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 210<span class="" style="white-space:pre"> </span># wais</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 1025-65535<span class="" style="white-space:pre"> </span># unregistered ports</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 280<span class="" style="white-space:pre"> </span># http-mgmt</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 488<span class="" style="white-space:pre"> </span># gss-http</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 591<span class="" style="white-space:pre"> </span># filemaker</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 777<span class="" style="white-space:pre"> </span># multiling http</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 8184</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl Safe_ports port 8185</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">acl CONNECT method CONNECT</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Recommended minimum Access Permission configuration:</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Deny requests to certain unsafe ports</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access deny !Safe_ports</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Deny CONNECT to other than secure SSL ports</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access deny CONNECT !SSL_ports</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Only allow cachemgr access from localhost</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access allow localhost manager</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access deny manager</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># We strongly recommend the following be uncommented to protect innocent</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># web applications running on the proxy server who think the only</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># one who can access services on "localhost" is a local user</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#http_access deny to_localhost</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Example rule allowing access from your local networks.</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Adapt localnet in the ACL section to list your (internal) IP networks</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># from where browsing should be allowed</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access allow localnet</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access allow localhost</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># And finally deny all other access to this proxy</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_access deny all</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Squid normally listens to port 3128</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">http_port 3128</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Uncomment and adjust the following to add a disk cache directory.</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#cache_dir ufs /var/spool/squid 100 16 256</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Leave coredumps in the first cache dir</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">coredump_dir /var/spool/squid</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196);min-height:17px"><br></p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)"># Add any of your own refresh_pattern entries above these.</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">#</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">refresh_pattern ^ftp:<span class="" style="white-space:pre"> </span>1440<span class="" style="white-space:pre"> </span>20%<span class="" style="white-space:pre"> </span>10080</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">refresh_pattern ^gopher:<span class="" style="white-space:pre"> </span>1440<span class="" style="white-space:pre"> </span>0%<span class="" style="white-space:pre"> </span>1440</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">refresh_pattern -i (/cgi-bin/|\?) 0<span class="" style="white-space:pre"> </span>0%<span class="" style="white-space:pre"> </span>0</p>
<p style="margin:0px;font-size:14px;line-height:normal;font-family:Courier;color:rgb(76,47,45);background-color:rgb(223,219,196)">refresh_pattern .<span class="" style="white-space:pre"> </span>0<span class="" style="white-space:pre"> </span>20%<span class="" style="white-space:pre"> </span>4320</p></div><div><br></div><div>Any help is greatly appreciated!</div><div><br></div><div>Thanks!</div>-- <br><div class="gmail_signature">Bart Spedden | Senior Developer<br>+1.720.210.7041 | <a href="mailto:bart.spedden@3sharecorp.com">bart.spedden@3sharecorp.com</a><br>3|SHARE</div>
</div></div>
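To see which `http_access` rule decides a CONNECT request under the rules posted above, here is a small first-match evaluator. It is an added example, not part of the original message and not Squid's own code. It models only `src`, `port` and `method` ACLs plus the built-in `all`, and the client addresses used with it are constructed samples.

```python
import ipaddress

# ACLs and http_access rules copied from the posted squid.conf (IPv4 localnet
# only; the cachemgr rules are omitted since they match manager requests only).
CONF = """
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl SSL_ports port 443
acl SSL_ports port 8184
acl SSL_ports port 8185
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
"""

def parse(conf):
    """Return ({acl_name: [(type, value), ...]}, [(action, [acl, ...]), ...])."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], []).append((tok[2], tok[3]))
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, req):
    if name == "all":                      # built-in ACL, matches everything
        return True
    for kind, value in acls[name]:         # values of one ACL name are OR-ed
        if kind == "src" and ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value):
            return True
        if kind == "method" and req["method"] == value:
            return True
        if kind == "port":
            lo, _, hi = value.partition("-")
            if int(lo) <= req["port"] <= int(hi or lo):
                return True
    return False

def decide(conf, src, method, port):
    """Return (action, 1-based rule number) of the first matching http_access line."""
    acls, rules = parse(conf)
    req = {"src": src, "method": method, "port": port}
    for n, (action, names) in enumerate(rules, 1):
        # ACLs on one http_access line are AND-ed; a leading '!' negates
        if all(acl_matches(x.lstrip("!"), acls, req) != x.startswith("!") for x in names):
            return action, n
    # Nothing matched: Squid applies the opposite of the last rule's action
    return ("deny" if rules[-1][0] == "allow" else "allow"), None
```

For a client inside `localnet`, CONNECT to 8184 and 8185 falls through both deny rules and is decided by `http_access allow localnet`, while a CONNECT to a port outside `SSL_ports` stops at the second rule.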