I do not see this behavior from the working cURL capture. Python requests is sending the CONNECT command to the proxy server in clear text and not inside of the https tunnel. UPDATE: I opened a capture from the working cURL session and from the python session in wireshark. In my production environment this is required as it is an authenticated proxy sending credentials in the header as clear text, so the https connection to squid is a hard requirement. My suspicion is that the requests client does not know how to deal with the client -> squid over https vs over http. Our clients receive the error 'Read Error (104) Connection reset by peer' often when accessing most common sites through the squid proxy. R = requests.get('', headers=headers, proxies=proxies) The CONNECT command to create the end-to-end tunnel is never sent from the python client. I see the following entry in the squid log that corresponds to this connect attempt: 1585958924.312 0 192.168.1.100 NONE/000 0 NONE error:transaction-end-before-headers - HIER_NONE/. I packet capture on the squid server and I see the 3-way handshake complete and a push come from the python client followed by a TCP RESET from the squid server. However, when I attempt to make the call from Python requests, I get the following error: : HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', ConnectionResetError(54, 'Connection reset by peer'))) Squid is NOT doing any TLS Intercept/Bump I have a squid proxy set up in my lab replicating a production issue with the python requests library.
0 Comments
Leave a Reply. |