Squid SSL transparent proxy - SSL_connect:error in SSLv2/v3 read server hello A

I am trying to setup a SSL proxy for one of my internal servers to visit https://www.googleapis.com using Squid, to make my Rails application on that server to reach googleapis.com via the proxy.

I am new to this, so my approach is to setup a SSL transparent proxy with Squid. I build Squid 3.3 on Ubuntu 12.04, generated a pair of ssl key and crt, and configure squid like this:

http_port 443 transparent cert=/home/larry/ssl/server.csr key=/home/larry/ssl/server.key

And leaves almost all other configurations default. The authorization of the dir that holds key/crt is drwxrwxr-x 2 proxy proxy 4096 Oct 17 15:45 ssl

Back on my dev laptop, I put <proxy-server-ip> www.googleapis.com in my /etc/hosts to make the call goes to my proxy server.

But when I try it in my rails application, I got:

SSL_connect returned=1 errno=0 state=SSLv2/v3 read server hello A: unknown protocol

And I also tried with openssl in cli:

openssl s_client -state -nbio -connect www.googleapis.com:443 2>&1 | grep "^SSL"
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
SSL_connect:error in SSLv2/v3 read server hello A

Where did I do wrong?

Solution 1:

Does this file really contain your cert?

  cert=/home/larry/ssl/server.csr

If you're following standard conventions, that's your CSR, certificate signing request, that you sent to your SSL vendor. The SSL vendor, in return, gave you a certificate (often .crt) file that you need to use here.