wget with squid https_proxy not working

Open ping2balaji opened this issue 1 year ago • 1 comments

Hi, we are facing an issue when we use a squid proxy serving https_proxy. client --> squid is encrypted in a TLS session, and squid is NOT performing man-in-the-middle or bump.

On the client machine I have exported the env variable as: https_proxy=https://192.168.200.4

After this, when I do https access using "curl https://google.com", it's working fine, and in the pcap we can see that curl is connecting to the proxy first (192.168.200.4) and then it establishes a TLS connection with this proxy. Only after this TLS connection is established, curl is sending the CONNECT request to the proxy to reach google.com:443 (https).

But when the same is tried with wget https://google.com we are getting the following error: "Failed reading proxy response: Connection reset by peer Retrying." While checking the pcap, it looks like wget is sending the CONNECT without establishing TLS to the proxy (unlike curl). CONNECT is sent outside of the TLS tunnel in clear text! After the 3-way handshake, the request sends a push, squid responds with an ack, and then the request sends the CONNECT message, but the message is not encrypted in the TLS tunnel. After which, squid acknowledges receipt of the CONNECT and immediately follows with a TCP RESET, resulting in the above connection reset by peer error.

Note: The squid logs show this: NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/- -

We depend on wget to download in many places. Any help is highly appreciated on why it's working in other ways like curl but not in wget.

Thanks, Balaji

ping2balaji Jun 05 '24 11:06
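
The pcap observation in the report above (a cleartext CONNECT arriving on a proxy port that expects TLS) can be checked mechanically from the first payload bytes a client sends after the TCP handshake. This is an added example, not part of the original issue or of wget, curl or squid; the function names and both sample payloads are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: what the first client payload looks like in each case.
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00,   # record: handshake, len 512
                    0x01, 0x00, 0x01, 0xFC])        # handshake: ClientHello, len 508
SAMPLE_CONNECT = b"CONNECT google.com:443 HTTP/1.1\r\nHost: google.com:443\r\n\r\n"


def proxy_expects_tls(proxy_url):
    """An https:// proxy URL means the client-to-proxy hop itself must be TLS."""
    return urlsplit(proxy_url).scheme.lower() == "https"


def classify_first_bytes(data):
    """Classify the first payload bytes a client sends after the TCP handshake."""
    # TLS record header: content type 0x16 (handshake), major version 0x03;
    # byte 5 is the handshake message type, 0x01 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    try:
        request_line = data.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    parts = request_line.split(" ")
    if len(parts) == 3 and parts[2].startswith("HTTP/"):
        return "plaintext-connect" if parts[0] == "CONNECT" else "plaintext-http"
    return "unknown"


def diagnose(proxy_url, first_bytes):
    """Compare what the proxy URL promises with what actually went on the wire."""
    kind = classify_first_bytes(first_bytes)
    if kind == "unknown":
        return "unknown"
    wants_tls = proxy_expects_tls(proxy_url)
    if wants_tls and kind != "tls-client-hello":
        return "mismatch: " + kind + " sent in clear text to a TLS proxy port"
    if not wants_tls and kind == "tls-client-hello":
        return "mismatch: TLS handshake sent to a plain HTTP proxy port"
    return "ok"


if __name__ == "__main__":
    proxy = "https://192.168.200.4"  # value exported in the report
    for name, payload in (("tls sample", SAMPLE_TLS), ("connect sample", SAMPLE_CONNECT)):
        print(name, "->", diagnose(proxy, payload))
```

A mismatch result corresponds to the failing wget capture: the target host and port of the CONNECT are visible on the wire before any encryption is set up.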

I encountered a similar problem and did not find a solution. Have you solved it? If so, please let me know the solution.

hexiaoyuchina Jan 22 '25 10:01