I'm trying to get squid to listen to HTTPS in order to encrypt the traffic between the proxy and the user.
I'm running squid 3.5.19 and squid is compiled with the --with-openssl option which is required for https_port directive.
In order to accomplish that I used the following configuration:
> However, when I try to connect from the browser using port 3129 I get a
> connection refused.
> When runnig squid in debug mode I got the following in cache.log:
> 2017/05/14 21:10:19.854 kid1| 83,2| client_side.cc(3743) Squid_SSL_accept:
> Error negotiating SSL connection on FD 7: error:00000005:lib(0):func(0):DH
FYI: The "connection refused" browser error does not seem to match
"Error negotiating SSL connection" Squid error, but perhaps it is just
your browser being a little misleading.
> Please help me understand the reason.
You have configured Squid to be an HTTPS proxy.
Did you configure your browser to use an HTTP proxy instead of an HTTPS
proxy? Some browsers support HTTPS proxies, but it is tricky to enable
that support so I have to ask. HTTP proxies expect plain HTTP requests.
HTTPS proxies expect encrypted HTTP requests.
If you are still having trouble, it may be useful to attach
browser-Squid packet capture when reproducing the problem with
http://www.example.com/ or a similar "trivial" site.
I figured out the issue was with the browser after consulting with a colleague.
I couldn't find any browser add-on that works in order to test this so I had a tester built just for that.
With the tester I was able to use the HTTPS proxy with no issues.
Thanks for your reply.