RE: [squid-users] problems with one special ssl internet-site

From: Chris Robertson <[email protected]>
Date: Wed, 10 Nov 2004 10:22:26 -0900

>> Hello all,
>> if this problem was discussed before, I�m very sorry, but I
>> have nothing
>> found describing this special problem by google and other searches...
>>
>> When I type the url in browser it is loading and loading and loading ...
>> When I stop loading, the following message is written in access.log
>> "1100018007.822 419529 192.168.1.247 TCP_MISS/200 2535 CONNECT
>> www.iisplus0.ch:443 - DIRECT/212.59.165.35 - [User-Agent: Mozilla/5.0
>> (Windows; U; Windows NT 5.1; de-DE; rv:1.7) Gecko/20040803
>> Firefox/0.9.3\r\nProxy-Connection: keep-alive\r\nHost:
>> www.iisplus0.ch\r\n] []"
>>
>> same problem when using different clients ...
>> I also tried with another squid proxy server I have access to and
>> experienced the same problem.
>>
>> Perhaps it is because of the AES 256 bit key the site uses ?
>
> That site doesn't work either when I try a browser which goes direct
> (direct Internet connection).
> The remote secure server is broken.
>
> M.

I tired it myself both surfing direct, and through four versions of Squid
(2.5.STABLE3, STABLE4, STABLE6 and STABLE7) running on two different OSes
(Linux 2.2, Linux 2.4 and FreeBSD 5.2.1).

Surfing direct, I was able to hit the site with three browsers (K-Meleon
0.8.2, Mozilla 1.7.3 and IE 5.5 all on Windows 2000 Pro). Using the proxy
(and K-Meleon), I experienced the same problems as the original poster (the
browser just spins). Letting the browser spin until the Squid timeout is
reached results in a browser error (The connection to www.iisplus0.ch has
terminated unexpectedly. Some data may have been transferred.). Using a
parent, the access.log shows a TCP_MISS/000 in the child TCP_MISS/200 in the
parent. Using squid direct shows TCP_MISS/200. The number following is
always 2535 (i.e. ...TCP_MISS/200 2535...).

The access.log entries only show up after hitting "stop" on the browser, or
letting the connection timeout expire. None of the proxies I tested have
persistent connections enabled.

Don't know if this helps at all, but it does appear to be the interaction
between that site and Squid.

Chris
Received on Wed Nov 10 2004 - 12:22:31 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:01 MST