Hello, I'm trying to set up an encrypted communication between the browser and squid
theoretically, I followed this section to implement it : https://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection I tried to implement this on a dockerized Alpine, and a squid 5.5 with openssl module in squid.conf, I have: ... http_port 3128 https_port 3129 cert=/etc/squid/crt.pem key=/etc/squid/key.pem ... but when I request squid https port, I got this error every time, in cache.log: ... ERROR: failure while accepting a TLS connection on conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1: 0x7fbd208f33e0*1 connection: conn77 local=172.17.0.2:3129 remote=172.17.0.1:56608 FD 12 flags=1 Pipeline.cc(31) front: Pipeline 0x7fbd208f13a0 empty Error.cc(22) update: recent: ERR_SECURE_ACCEPT_FAIL/SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=1408F09B+TLS_IO_ERR=1 ... I also tried this with squid 4.10 with gnutls module, in an Ubuntu 20.40 environment, with the same squid.conf, and I got again a TLS error ... client_side.cc(2597) tlsAttemptHandshake: Error negotiating TLS on local=x.x.x.x:3129 remote=x.x.x.x:50874 FD 11 flags=1: Aborted by client: An unexpected TLS packet was received. ... I used for certificates, a self signed one, and a generated certificate signed by our CA, for both scenarios Also, I tried multiple https_port options (disable some SSL implementation, manipulation of client certificates...) but without success Am I missing something in the squid configuration? This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
