Hello Dave, thanks for the answer.

I already tried this and I didn't succeed. I tried configurations of curl/wget, traffic server, even a solution with a created traffic server plugin, where I wanted to redirect ssl packets to the right ssl ports, but I didn't succeed. Is there another way to block the connect request? At least some script which can redirect the ssl requests according to the http header to the right port?

Jiri

2015-05-05 15:55 GMT+02:00 Dave Thompson <da...@yahoo-inc.com.invalid>:

> Jiri,
>
> This is a client initiated behavior issue. If you want your client to SSL
> terminate at ATS, it needs to send an SSL client-hello rather than a
> CONNECT as the first message. If you are using curl, a --proxy to an SSL
> site will do a CONNECT rather than SSL terminate. If in doubt, a
> tcpdump/wireshark can be used to confirm what the client is sending.
> Perhaps your test browser is configured to proxy tunnel as well.
>
> Dave
>
>
> On Tuesday, May 5, 2015 6:02 AM, Jiří Podhorský <podhorsky....@gmail.com> wrote:
>
> Hello,
>
> I'm trying to configure traffic server with ssl termination
>
> https://docs.trafficserver.apache.org/en/latest/admin/security-options.en.html
>
> But ssl termination doesn't work with browsers, wget or curl, because the first
> request is CONNECT, which is not expected on the ssl port and creates the log:
>
> SSLv3, TLS handshake, Client hello (1):
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
> Closing connection #0
>
> (plain http request connect is taken as Client hello message of ssl).
>
> I didn't find a way to redirect this message to a non-ssl port or deny
> it.
>
> I tried to find some configuration or patch, but I didn't find any
> workarounds for this issue.
>
> Can you help me?
>
> Thanks.
>
> Jiri
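
Added example, not part of the original thread and not Traffic Server code: a small Python check that tells a TLS ClientHello from a plaintext proxy CONNECT by the first bytes of a connection, the distinction Dave suggests confirming with tcpdump/wireshark. The function names and the two sample byte strings are constructed for illustration.

```python
import struct

def classify_first_bytes(data: bytes):
    """Return (kind, detail) for the first bytes a client sent on a new TCP connection."""
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte length.
    # The first handshake byte 0x01 marks a ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03:
        (record_len,) = struct.unpack("!H", data[3:5])
        if data[5] == 0x01 and 0 < record_len <= 2 ** 14:
            return ("tls-client-hello", f"record version 3.{data[2]}")
        return ("tls-other", f"handshake type {data[5]}")
    # Plaintext HTTP request line: METHOD SP target SP HTTP/x.y CRLF
    line, sep, _ = data.partition(b"\r\n")
    parts = line.split(b" ")
    if (sep and len(parts) == 3 and parts[2].startswith(b"HTTP/")
            and parts[0].isalpha() and parts[0].isupper()):
        method = parts[0].decode("ascii")
        target = parts[1].decode("ascii", "replace")
        if method == "CONNECT":
            return ("http-connect", target)
        return ("http-request", f"{method} {target}")
    return ("unknown", data[:8].hex())

def matches_listener(data: bytes, listener_terminates_tls: bool) -> bool:
    """True when the client's first message is what the listening port expects."""
    kind, _ = classify_first_bytes(data)
    if listener_terminates_tls:
        return kind == "tls-client-hello"
    return kind in ("http-connect", "http-request")

# Constructed samples: a truncated ClientHello record and a proxy CONNECT request.
CLIENT_HELLO_PREFIX = bytes.fromhex("16 03 01 00 05 01 00 00 01 00")
PROXY_CONNECT = (b"CONNECT www.example.com:443 HTTP/1.1\r\n"
                 b"Host: www.example.com:443\r\n\r\n")

if __name__ == "__main__":
    for name, sample in (("client hello", CLIENT_HELLO_PREFIX),
                         ("proxy connect", PROXY_CONNECT)):
        kind, detail = classify_first_bytes(sample)
        print(f"{name}: {kind} ({detail}), ok on TLS port: "
              f"{matches_listener(sample, True)}")
```

Feeding it the first payload bytes of a captured connection shows whether the client is tunnelling through the proxy or starting TLS directly.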