[squid-users] client-->iptables-->squid-proxy->another-proxy
JerylCook
ext.jcook at keywcorp.com
Mon Jun 12 20:33:05 UTC 2017
I've been stuck on this for a few days :P...
I 'thought' I had a fairly good understanding of squid + ssl_bump but not
so sure.
In a nutshell I am having an issue linking a second proxy server via
cache_peer.
We have 2 boxes.
*Configuration:*
1 box, has iptables configured to send all outbound traffic to 10.0.0.1:8999
which is the second box's squid server and port(8999)
2nd box, has squid running on 8999, we have another server running on 8998.
Both proxy servers are using the same 'CA'.
https 10.0.0.1:8999 transparent ssl-bump generate-host-certificates=on.....
cache_peer 10.0.0.1:8998 8998 0 ssl default no-query no-digest
sslflags=DONT_VERIFY_PEER....
use-case:
wget https://facebook.com --ca-cert=/dat/sharedCa.cer , on box 1 through
iptables..
1. squid on box 2 generates and signs a certificate with CN=facebook.com for
the client
2. client trusts the CA and cert.
3. We want squid to send this proxied https request to the second proxy
server on :8998. This proxy server is set to generate impersonation certs as
well using the same rootCAKey that squid uses...
however, we keep getting
"Failed to establish a secure connection, SQUID_ERR_SSL_HANDSHAKE",
Handshake with SSL Server failed: error:140770FC:SSL routines
SSL23_GET_SERVER_HELLO: unknown protocol"
Does squid 3.5.20 support PROXY Protocol in cache_peer if you need to link a
second proxy? Or is my configuration messed up?