Re: [squid-users] NONE/501 in an https:// POST request

Fri, 21 Jan 2011 02:31:32 -0800 

* Amos Jeffries <[email protected]>:

> >1294680915.190      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294681815.209      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294682115.216      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294682715.230      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294683315.245      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294683615.251      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294684815.280      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html
> >1294685115.286      0 10.43.120.109 NONE/501 4145 POST 
> >https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - HIER_NONE/- 
> >text/html

So, I enabled SSL using --enable-ssl and now I'm getting:

1295605546.943    313 141.42.231.227 TCP_MISS/503 4251 GET 
https://enis.eurotransplant.nl/donor-webservice/dpa?WDSL - 
HIER_DIRECT/194.151.178.174 text/html
and the error output consists of the ERR_SECURE_CONNECT_FAIL error message

cache.log says:

2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 
1539: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal 
parameter (1/-1/0)
2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 
281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal 
parameter (1/-1/0)
2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 
281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal 
parameter (1/-1/0)

I enabled 
# START
acl BrokenServersAtTrustedIP dst 194.151.178.174/32
sslproxy_cert_error allow BrokenServersAtTrustedIP
sslproxy_cert_error deny all
# ENDE

What am I missing?

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  [email protected] | http://www.charite.de

Reply via email to