How to enable HTTPS with squid?

beer9
beer9 used Ask the Experts™
on
when I try to access https://www.yahoo.com then I am getting following error in my access.log of squid server

Curl output
# curl https://www.yahoo.com
curl: (35) SSL received a record that exceeded the maximum permissible length.

Open in new window


Squid access log error
415957951.803      0 10.0.128.142 NONE/400 3611 NONE error:invalid-request - NONE/- text/html

Open in new window


My squid.conf

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
visible_hostname ip-10-0-132-133

Open in new window


How do I enable HTTPS proxy through my squid server?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Fixer of Problems
Most Valuable Expert 2014
Commented:
First make sure you have the current version of cURL along with the files for SSL/TLS.  Then try it this way with -k to turn off the 'peer verification'.
curl -k https://www.yahoo.com

Open in new window


This is the version I'm using: http://www.paehl.com/open_source/?download=curl_739_0_ssh2_ssl.zip  from http://www.paehl.com/open_source/?CURL_7.39.0

Author

Commented:
actually I have a tomcat and multiple other application as well who will be using this squid proxy server.. which will help   to enable this functionality to all the application

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial