
I am configuring the HTTPS proxy with stunnel and squid.

But I receive the Mozilla error page "Secure Connection Failed" when I make browser requests through port 44444 (stunnel).

What am I missing?

  1. If I make a direct browser request to https://192.168.0.101:44444, stunnel accepts the connection on port 44444 and successfully forwards the traffic to the squid proxy port (55555); as a result, I receive the squid error page.

  2. If I make requests through the squid port (55555), everything works fine.

The SSL certificate is self-signed, generated with this command:

# note: rsa:1024 is below current key-size minimums; rsa:2048 or larger is the usual choice
sudo openssl req -nodes -new -days 365 -newkey rsa:1024 -x509 -keyout serverkey.pem -out servercert.pem

stunnel.log

2020.10.01 17:54:05 LOG7[main]: Found 1 ready file descriptor(s)
2020.10.01 17:54:05 LOG7[main]: FD=4 events=0x2001 revents=0x0
2020.10.01 17:54:05 LOG7[main]: FD=6 events=0x2001 revents=0x1
2020.10.01 17:54:05 LOG7[main]: Service [squid] accepted (FD=3) from 10.140.37.30:42284
2020.10.01 17:54:05 LOG7[33]: Service [squid] started
2020.10.01 17:54:05 LOG7[33]: Option TCP_NODELAY set on local socket
2020.10.01 17:54:05 LOG5[33]: Service [squid] accepted connection from 10.140.37.30:42284
2020.10.01 17:54:05 LOG6[33]: Peer certificate not required
2020.10.01 17:54:05 LOG7[33]: TLS state (accept): before SSL initialization
2020.10.01 17:54:05 LOG3[33]: SSL_accept: 1408F09B: error:1408F09B:SSL routines:ssl3_get_record:https proxy request

stunnel.conf

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4

pid = /stunnel4.pid

debug = 7
output = /stunnel.log
syslog = no

cert = /etc/stunnel/servercert.pem
key = /etc/stunnel/serverkey.pem

verify = 1

CApath = /certs

CRLpath = /crls

client = no
[squid]
accept = 44444
connect = 55555

squid.conf

acl localnet src 192.168.0.0/16

acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT


http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
# allows any source that can reach the port: this makes squid an open proxy
# unless the port is firewalled or only reachable through stunnel
http_access allow all

http_port 55555

coredump_dir /var/spool/squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$     0       20%     2880
refresh_pattern .               0       20%     4320
Awesome Man

1 Answer


Everything is fine with the config on the stunnel side. The problem was with my client: due to a misconfiguration, it does not initiate an SSL/TLS handshake.

Awesome Man
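The stunnel log line "SSL_accept: ... ssl3_get_record:https proxy request" is OpenSSL reporting that the first bytes it read were a plaintext CONNECT, not a TLS ClientHello, which matches the answer: the browser was sending its proxy request unencrypted to the TLS port. The script below is an added example, not code from the original post or from stunnel or squid. It reproduces the first-bytes check that produced that error, builds the CONNECT request a browser sends, shows the two Firefox PAC directives (a "PROXY" entry sends CONNECT in cleartext, an "HTTPS" entry performs the handshake first), and includes a probe that does the handshake before sending CONNECT. The PAC setup, the probe target example.com:443 and the `probe_https_proxy` helper are assumptions for illustration; only the address 192.168.0.101:44444 comes from the post.

```python
"""Why stunnel logged "ssl3_get_record:https proxy request" (added example)."""
import socket
import ssl

STUNNEL_HOST = "192.168.0.101"   # from the post
STUNNEL_PORT = 44444             # from the post

# OpenSSL's ssl3_get_record() looks at the first bytes of a new connection.
# A TLS record begins with content type 0x16 (handshake) and a 0x03xx version.
# Plaintext HTTP is recognised and reported as one of two errors instead:
_HTTP_VERBS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")  # -> "http request"
_PROXY_VERB = b"CONNE"  # OpenSSL compares only the first five bytes -> "https proxy request"


def classify_first_bytes(data: bytes) -> str:
    """Return what the first bytes on the wire look like to a TLS server."""
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls_client_hello"
    if data.startswith(_PROXY_VERB):
        return "https_proxy_request"  # the error in the post's stunnel.log
    if data.startswith(_HTTP_VERBS):
        return "http_request"
    return "unknown"


def build_connect_request(host: str, port: int) -> bytes:
    """The request a browser sends to a proxy to open a tunnel to host:port."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode()


# Firefox only wraps the proxy connection in TLS when the proxy is declared as
# an HTTPS proxy, e.g. in a PAC file (assumed setup, not from the post).
FIREFOX_PAC_WRONG = 'function FindProxyForURL(url, host) { return "PROXY 192.168.0.101:44444"; }'
FIREFOX_PAC_RIGHT = 'function FindProxyForURL(url, host) { return "HTTPS 192.168.0.101:44444"; }'


def make_client_context(cafile=None) -> ssl.SSLContext:
    """TLS context for talking to stunnel. The post's certificate is
    self-signed, so the client has to trust servercert.pem explicitly.
    Keep verification on; a proxy you cannot authenticate can be replaced
    by anyone on the path. The certificate must carry 192.168.0.101 as an
    IP SAN for check_hostname to pass."""
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile)
    return ctx


def probe_https_proxy(host=STUNNEL_HOST, port=STUNNEL_PORT,
                      target=("example.com", 443), cafile=None, timeout=5.0) -> str:
    """Do what the browser should do: TLS handshake with stunnel first, then
    send CONNECT inside the tunnel. Returns squid's status line (assumed
    helper; needs network access, so it is not exercised offline)."""
    ctx = make_client_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_connect_request(*target))
            reply = tls.recv(4096)
    return reply.split(b"\r\n", 1)[0].decode(errors="replace")


if __name__ == "__main__":
    # Constructed samples: what a PROXY-configured and an HTTPS-configured
    # browser would each send as the first bytes to port 44444.
    samples = {
        "browser with PROXY entry": build_connect_request("example.com", 443),
        "browser with HTTPS entry": b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03",
    }
    for label, first_bytes in samples.items():
        print(f"{label}: {classify_first_bytes(first_bytes)}")
```

Run it offline to see the classification of the two constructed samples; with the stunnel host reachable and servercert.pem at hand, `probe_https_proxy(cafile="servercert.pem")` should return squid's "HTTP/1.1 200 Connection established" style status line, while pointing the same probe at the plaintext squid port 55555 fails the handshake, which is the reverse of the symptom in the post.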