transparent squid and ssl

To: debian-russian@lists.debian.org
Subject: transparent squid and ssl
From: "Hodot D.A." <d.hodot@sam-solutions.net>
Date: Wed, 4 Oct 2006 17:16:59 +0300
Message-id: <[🔎] 200610041717.00874.d.hodot@sam-solutions.net>

Доброго всем времени суток. 
Такая ситуация, имеется debian unstable и squid 2.6.3-1 настроенный как 
transparent, сам сквид ходит через другую проксю

в squid.conf указано следующее
http_port 192.168.0.1:3128 transparent vhost

cache_peer 192.168.0.200 parent 3128 3130 no-query default
never_direct allow notebook


http_access allow manager localhost
http_access deny manager

http_access allow purge localhost

http_access deny CONNECT !SSL_ports

http_access allow my_net
http_access allow localhost

http_access deny all

iptables завёрнут следующим образом
-A PREROUTING -s 192.168.0.15 -p tcp -m multiport --dports 80,443 -j REDIRECT 
--to-ports 3128

192.168.0.15 - это адрес которому и нужно ходить через этот проксик.

Так вот, http трафик нормально ходит, а вот https ни в какую.
firefox говорит что соединение было неожиданно прервано
telnet например на https://google.com выглядит вот так

Trying 72.14.207.99...
Connected to google.com.
Escape character is '^]'.
GET
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
"http://www.w3.org/TR/html4/loose.dtd";>
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; 
charset=iso-8859-1">
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
<STYLE 
type="text/css"><!--BODY{background-color:#ffffff;font-family:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR noshade size="1px">
<P>
While trying to process the request:
<PRE>
GET

</PRE>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Invalid Request
</STRONG>
</UL>

<P>
Some aspect of the HTTP Request is invalid.  Possible problems:
<UL>
<LI>Missing or unknown request method
<LI>Missing URL
<LI>Missing HTTP Identifier (HTTP/1.0)
<LI>Request is too large
<LI>Content-Length missing for POST or PUT requests
<LI>Illegal character in hostname; underscores are not allowed
</UL>
<P>Your cache administrator is <A HREF="mailto:webmaster";>webmaster</A>.

<BR clear="all">
<HR noshade size="1px">
<ADDRESS>
Generated Wed, 04 Oct 2006 13:52:31 GMT by zed-srv.localdomain 
(squid/2.6.STABLE3)
</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.

Может кто сталкивался? как заставить нормально работать ssl?

--  
Best regards,
Dmitry Hodot
E-mail: D.Hodot@sam-solutions.net
Jabber: chaos@jabber.org.by

Reply to:

Follow-Ups:
- Re: transparent squid and ssl
  - From: Mikhail A Antonov <bart@solarnet.ru>

Prev by Date: Re: desktop
Next by Date: Re: xorg: Fatal server error: could not open default font 'fixed'
Previous by thread: Re: etch + Promise SATAII150 TX2plus + IDE
Next by thread: Re: transparent squid and ssl
Index(es):
- Date
- Thread