<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1481005311478_3226"><span>Thank you Amos,</span></div><div id="yui_3_16_0_ym19_1_1481005311478_3211"><span><br></span></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3210"><span id="yui_3_16_0_ym19_1_1481005311478_4208">version of squid is : </span>squid-3.3.8-26.el7_2.4.x86_64</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3209"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3208">Is this statement true:</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3208">squid is not aware or traffic that is made with connect command ?</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3208">since connect command make a tunnel within squid ?</div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3208"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3208">passing below argument to JVM:</div><pre id="yui_3_16_0_ym19_1_1481005311478_3994"><font face="times new roman, new york, times, serif" size="3" id="yui_3_16_0_ym19_1_1481005311478_3995">-Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080</font></pre><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">cause application connect to <a href="https://webcache.exammple.com/" id="yui_3_16_0_ym19_1_1481005311478_4272">https://webcache.exammple.com</a></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">however I have not created any certificate.</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">May I assume squid is built with ssl enabled and both https and http proxy</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">being provided on one port ?</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">either above statement is true, or maybe Java has a bug.</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">Thanks for help, I will check on squidtool.</div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr"><br></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1481005311478_3206" dir="ltr">Thanks<br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1481005311478_3101" style="display: block;">  <div style="font-family: HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1481005311478_3100"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1481005311478_3099"> <div dir="ltr" id="yui_3_16_0_ym19_1_1481005311478_3205"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1481005311478_3245"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Amos Jeffries <squid3@treenet.co.nz><br> <b><span style="font-weight: bold;">To:</span></b> squid-users@lists.squid-cache.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, December 5, 2016 6:04 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [squid-users] HTTPS through http proxy<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1481005311478_3098"><br><br clear="none"><br clear="none">On 6/12/2016 6:40 a.m., Blaxton wrote:<br clear="none">> Hi<br clear="none">><br clear="none">> So I understand that using connect method https connection can pass <br clear="none">> through http proxy<br clear="none">> but I am seeing strange behavior and thought some one here might help <br clear="none">> me to find<br clear="none">> the problem we are facing.<br clear="none">><br clear="none">> I am using simple java app to test https connectivity through http proxy:<br clear="none">> <a shape="rect" href="http://alvinalexander.com/blog/post/java/simple-https-example" target="_blank" id="yui_3_16_0_ym19_1_1481005311478_4301">http://alvinalexander.com/blog/post/java/simple-https-example</a><br clear="none">><br clear="none">> If we run below command agains squid running on RedHat:<br clear="none">> java -Dhttp.proxyHost=webcache.example.com -Dhttp.proxyPort=808 <br clear="none">> JavaHttpsExample<br clear="none">> connection fails , and Squid log file won't even log any thing in log <br clear="none">> file.<br clear="none"><br clear="none">That means you either have a very old Squid, or the transaction is not <br clear="none">completed yet as far as Squid is aware. Transactions only get logged on <br clear="none">completion, in this case when the CONNECT tunnel connection is closed by <br clear="none">one of the remove endpoints (client or server). It is not uncommon to <br clear="none">have tunnels stay open all day with HTTPS traffic going back and forward <br clear="none">unseen.<br clear="none"><br clear="none">The recent Squid releases log failed client connections that did not <br clear="none">have any HTTP message received. So you can see if the failure happened <br clear="none">before HTTP happened.<br clear="none"><br clear="none">> but if we run:<br clear="none">> java -Dhttps.proxyHost=webcache.example.com -Dhttps.proxyPort=8080 <br clear="none">> JavaHttpsExample<br clear="none">> I get response and a line being recorded in log file.<br clear="none">> And now running the same app against different squid running on Centos,<br clear="none">> I get response from both but nothing being logged with -Dhttp.proxyHost.<br clear="none"><br clear="none">see above about logging time.<div class="yqt1079306416" id="yqtfd88010"><br clear="none"><br clear="none">> Please help.<br clear="none">> If any one has any tips or any simple app to test different aspect of <br clear="none">> https connectivity through squid please let me know.</div><br clear="none"><br clear="none"><br clear="none">You can also use recent squidclient tool if it has been built with <br clear="none">GnuTLS support. Or curl with debug tracing. Or wireshark with packet <br clear="none">captures if you know how.<br clear="none"><br clear="none">Amos<br clear="none"><br clear="none">_______________________________________________<br clear="none">squid-users mailing list<br clear="none"><a shape="rect" ymailto="mailto:squid-users@lists.squid-cache.org" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br clear="none"><a shape="rect" href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><div class="yqt1079306416" id="yqtfd31097"><br clear="none"></div><br><br></div> </div> </div>  </div></div></body></html>