Hi, all.

I've been working away at this fruitlessly for the entire afternoon --
I hate to, but I think it's time to ask for help.

I have an existing pound 2.2 installation which works beautifully with
straight HTTP. I've just built a new pound 2.5 on the same Ubuntu
10.04LTS box to take advantage of the SSH backends feature. However, I
can't seem to get the client to engage in SSL negotiation with the proxy.

Even with the https:// prefix in the URL, and a listening port of 443 on
the proxy, the communication from client to proxy consists of a single
request, in cleartext, to port 443 where it's silently (unlogged)
discarded by the proxy, I suppose because it wants SSL communication on
that port? I've only tested with Windows browser clients (Firefox 3.5
and IE8) at this point, both with proxy settings manually configured to
point to the listening ports of my pound 2.5 install.

I have a self-signed cert installed for testing, and it works fine with
(for example) stunnel.

I have the strong feeling that I'm missing the blindingly obvious, here.
Can anyone give me a clue? I love the software and I'd hate to have to switch to something else because I can't see what's right in front of my nose.. Thanks so much for any suggestions anyone can offer.

My config, in part:


ListenHTTP
         Address 206.108.209.193
         Port    3381
         xHTTP   3
End

ListenHTTPS
         Address 206.108.209.193
         Port    443
         xHTTP   3
         Cert    "/etc/pound/mycert.pem"

         Service
                 HeadRequire "Host:.*ec.virl.bc.ca.*"
                 BackEnd
                         Address ec.virl.bc.ca
                         Port 443
                         HTTPS
                 End
         End
End

Service
         URL "http://contentcafe.btol.com/*";
         BackEnd
                 Address contentcafe.btol.com
                 Port 80
         End
End

Service
         URL "http://msgs.virl.bc.ca/denied.html";
         BackEnd
                 Address msgs.virl.bc.ca
                 Port    80
         End
End

Service
         Redirect "http://msgs.virl.bc.ca/denied.html";
End



--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to