-----Original Message----- From: Tim Neto [mailto:[EMAIL PROTECTED] Sent: Wednesday, 10 November 2004 3:02 AM To: Henrik Nordstrom Cc: Brad Larden; Elsen Marc; [EMAIL PROTECTED] Subject: Re: [squid-users] https problem with squid 2.5.STABLE6
This issue has been discussed many times in the Squid mailing list. The problem is not with Squid, but with IE's use of a broken WININET.DLL library. The library first sends a HTTPS request, then switches to HTTP. Many secure web sites require a continued stream of HTTPS. The WININET.DLL of Windows 2003 Enterprise Edition is not broken, but Windows 2000, and Windows XP (non-SP2) is not. I have yet to confirm whether Windows XP SP2 is broken or not. Note, any other Microsoft based application (Visual Studio type of application) that uses the broken WININET.DLL will have the same problem. If the HTTPS site being access is required for by your organization, allow the site direct access through your Squid with appropriate ACL and Access rules. This diminishes the problem. Tim ----------------------------------------------------------- Timothy E. Neto Computer Systems Engineer Komatsu Canada Limited Ph#: 905-625-6292 x265 1725B Sismet Road Fax: 905-625-6348 Mississauga, Canada E-Mail: [EMAIL PROTECTED] L4W 1P9 ----------------------------------------------------------- G'Day Tim, I understand what you're saying but my problem only occurred some time yesterday on 2 proxy servers in the same location. Using alternate proxy servers with the same client machines works correctly. So, as far as I can tell, this does not point to an issue with the broken Microsoft browser, rather, it points to something broken on these two proxy servers. Even after grabbing the latest 2.5.STABLE release and compiling fresh it still does not work, so it appears to me that the problem is perhaps not squid per-se but an associated library or some hack has been applied to my servers which only affects https requests. Regards, Brad. Henrik Nordstrom wrote: > On Tue, 9 Nov 2004, Brad Larden wrote: > >> I understand what you're saying but I can 'see' the request hit the >> proxy server from the client. > > > In your trace I can only see a new TCP connection, but no request sent > by the browser on this connection. > > Regards > Henrik >
