I'm new to trafficserver. Using ATS 3.2.5 on Debian 7.0 Wheezy, I need to be able to cache content from SSL requests.
These requests are made by an internal application against external services, mostly using HTTPS. So, my application will be the client and the external services the origin server.

Using HTTP proxy, requests work but content is not cached which, I think, is obviously OK since the client will establish a CONNECT tunnel which makes ATS unable to see content.

From my understanding, I need to set up SSL termination. I followed:
http://trafficserver.apache.org/docs/trunk/admin/security-options/#UsingSSLTermination

For now, I use a self-signed SSL certificate generated with:

    openssl req -x509 -newkey rsa:2048 -keyout keypriv.pem -out cert.pem -days 365

And the passphrase is removed with:

    openssl rsa -in keypriv.pem -out key.pem

Between Client & ATS, here's what I use for configuration:

    CONFIG proxy.config.http.server_ports STRING 80:ipv4 443:ipv4:ssl
    CONFIG proxy.config.http.connect_ports STRING 443 563
    CONFIG proxy.config.ssl.client.certification_level INT 0
    CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver
    CONFIG proxy.config.ssl.server.cert.filename STRING cert.pem
    CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver
    CONFIG proxy.config.ssl.server.private_key.filename STRING key.pem

Still from my understanding, I don't need any specific option for ATS to origin server connections since ATS will act as client and therefore does not need any certificate.

But, it does not work. Using curl, here's what I get:

    curl -vvv -k --proxy https://my_proxy:443 "https://secure.website.tld/"
    * About to connect() to proxy my_proxy port 443 (#0)
    * Trying xxx.yyy.uuu.ttt...
    * connected
    * Connected to my_proxy (xxx.yyy.uuu.ttt) port 443 (#0)
    * Establish HTTP proxy tunnel to secure.website.tld:443
    > CONNECT secure.website.tld:443 HTTP/1.1
    > Host: secure.website.tld:443
    > User-Agent: curl/7.26.0
    > Proxy-Connection: Keep-Alive
    >
    * Easy mode waiting response from proxy CONNECT

And here's what I get on ATS side:

    Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
    Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
    Server {0x2b3cb338b700} ERROR: SSL ERROR: SSL_ServerHandShake.
    Server {0x2b3cb338b700} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
    Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
    Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
    Server {0x2b3cb348c700} ERROR: SSL ERROR: SSL_ServerHandShake.
    Server {0x2b3cb348c700} ERROR: SSL::6:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:
    Server {0x2b3cb358d700} ERROR: SSL ERROR: SSL_ServerHandShake.
    Server {0x2b3cb358d700} ERROR: SSL::7:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:423:

I bet I missed a point, but can't find which one.

Any help appreciated,
Jean-Baptiste
