Wireshark-users: Re: [Wireshark-users] invalid request

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 14 Mar 2012 00:11:30 -0700
On Mar 13, 2012, at 11:42 PM, mustafa wrote:

> it might be the problem is sending ssl over http because i configure squid in the intercept mode, but squid know how to deal with ssl,

Yes, it knows how to deal with SSL being sent directly to port 80 - it rejects it, as it should, just as a regular Web server will!

Either HTTP-over-SSL/TLS traffic should go to port 443:

	http://tools.ietf.org/html/rfc2818

or should start out as plain HTTP to, say, port 80, and upgrade to HTTP-over-SSL/TLS:

	http://tools.ietf.org/html/rfc2817

> i want to know what is the cause to block it , or find solution to it using squid

If the problem is that some browser or other client is sending SSL to port 80, the solution to it is to fix the browser or other client to stop doing so.

If the problem is that some device between the browser or client and the Squid proxy is sending SSL to port 80, the solution to it is to fix that device.

If the problem is that Squid is deciding to send SSL to port 80 in response to a properly-formed client request, the solution to it is to fix Squid.  How to do that is a question that should be asked on a mailing list for Squid, not for Wireshark; you're far more likely to find the people who know the answer to your question there (I don't know what the answer is, having never configured Squid in my life).