On 2/12/20 4:15 AM, lejeczek via CentOS-devel wrote: > On 12/02/2020 10:46, lejeczek via CentOS-devel wrote: >> hi devel guys, >> >> I thought I'd ask here directly for it begins to worry me a bit. What's >> that? Well.. it's a freshly set up Centos8 box which has no direct way >> out but via Squid proxy(Centos7 squid-3.5.20-12.el7_6.1.x86_64) and it >> seems that lots of things do not want to work, eg.: >> >> $ podman search centos >> ERRO[0000] error searching registry "registry.fedoraproject.org": >> couldn't search registry "registry.fedoraproject.org": error pinging >> docker registry registry.fedoraproject.org: Get >> https://registry.fedoraproject.org/v2/: proxyconnect tcp: tls: first >> record does not look like a TLS handshake >> ERRO[0000] error searching registry "docker.io": couldn't search >> registry "docker.io": error pinging docker registry index.docker.io: Get >> https://index.docker.io/v2/: proxyconnect tcp: tls: first record does >> not look like a TLS handshake >> ERRO[0000] error searching registry "registry.access.redhat.com": >> couldn't search registry "registry.access.redhat.com": error pinging >> docker registry registry.access.redhat.com: Get >> https://registry.access.redhat.com/v2/: proxyconnect tcp: tls: first >> record does not look like a TLS handshake >> ERRO[0000] error searching registry "registry.centos.org": couldn't >> search registry "registry.centos.org": error pinging docker registry >> registry.centos.org: Get https://registry.centos.org/v2/: proxyconnect >> tcp: tls: first record does not look like a TLS handshake >> >> Another example is R from EPEL, installing any package/library in R also >> fails in similar way and at Squid's end I get lots of: >> >> ... >> >> 1581503634.209 1 10.5.8.17 TAG_NONE/400 4300 >> %1F%8Dl%E4%C9z%CFD$%ED%87%EF%A9%F4%F7%05%E7%9Cja%E8%23Y%B5%A5%EBb%7BT%8F%B4 >> - HIER_NONE/- text/html >> 1581503634.211 1 10.5.8.17 TAG_NONE/400 4315 NONE >> error:invalid-request - HIER_NONE/- text/html >> 1581503634.211 0 10.5.8.17 TAG_NONE/400 4120 &%AFi%BB%1A%AD%03%9C >> - HIER_NONE/- text/html >> 1581503634.211 0 10.5.8.17 TAG_NONE/400 4270 >> T%88vH5%BAw%EE%FB%1F9%DE%D5%B9%90%C7%05?%F1%D6%22%E3%5B%8F%7F%7C%E6 - >> HIER_NONE/- text/html >> 1581503634.212 0 10.5.8.17 TAG_NONE/400 4300 >> %85S%80%BAKh%8E%AB+%90%D4%8Ad%F0%B4%EB%C1or%5E%BEY%800+%F8%98%AF%04!%97%F0 >> - HIER_NONE/- text/html >> 1581503634.212 0 10.5.8.17 TAG_NONE/400 4192 >> %DA%E6%9E3%DB%9AP%E0q%A3%89c%BBeO%C2%A5%0F - HIER_NONE/- text/html >> 1581503634.213 0 10.5.8.17 TAG_NONE/400 4074 %1Ej%8D%17 - >> HIER_NONE/- text/html >> 1581503634.213 0 10.5.8.17 TAG_NONE/400 4564 NONE >> error:invalid-request - HIER_NONE/- text/html >> 1581503663.358 529 10.8.9.208 TCP_TUNNEL/200 4442 CONNECT >> v10.events.data.microsoft.com:443 - HIER_DIRECT/52.114.128.10 - >> 1581503708.562 1 10.5.8.17 TAG_NONE/400 4300 >> %EF%1E%F9%10:%9E%CE(%85%F4%CD%DEc%809%0EnU%BD%E3%9F@%14%8C%FF!%03%7C?*%B5l >> - HIER_NONE/- text/html >> 1581503708.563 1 10.5.8.17 TAG_NONE/400 4315 NONE >> error:invalid-request - HIER_NONE/- text/html >> 1581503708.564 0 10.5.8.17 TAG_NONE/400 4315 >> %9D%7D%17.%D0%F4%B2%C9%B6V%8E%B5%BB%10X%AF%F1%E3g%3C%14%90%C2%F7%AF%E6P%19%1D6%98%C1%DB >> - HIER_NONE/- text/html >> 1581503708.564 0 10.5.8.17 TAG_NONE/400 4242 >> -N%08,%3E.%93%F87l%0F%7F%89G%0E%1C%A0%A7%90%DF%8A+%D9%E4c - HIER_NONE/- >> text/html >> 1581503708.565 1 10.5.8.17 TAG_NONE/400 4315 >> %D1f%E3%891%EA%86%07%07%B7%EEu%BF%83F%AD%E4%A2%FB7%CE%ACw%1Cf*%E2%FD%BD%9A%5E%07 >> - HIER_NONE/- text/html >> 1581503708.565 0 10.5.8.17 TAG_NONE/400 4315 NONE >> error:invalid-request - HIER_NONE/- text/html >> 1581503708.565 0 10.5.8.17 TAG_NONE/400 4280 >> %A3%13%EE%D9%5CIfKzS%F39x%AB%CE%F8%D0A%D7Y%8A4%C17%FC%9A%B9%98%87%CBz - >> HIER_NONE/- text/html >> 1581503708.566 0 10.5.8.17 TAG_NONE/400 4174 >> %C1;%A4q%8E%81%E6%CE%E1%DC%81N%1D%F0 - HIER_NONE/- text/html >> >> Everything else seems to work fine, a small group of Centoses 7 use that >> Squid just fine, Windows boxes too. >> >> Would you share any thoughts as to what might be going on there? >> >> many thanks, L. > > What is different - before I could ever dig that up you can probably > tell already - in our Centos8 that makes "stuff" fail? > > Here "stuff" fails: > > export https_proxy="https:${_proxy}" > export HTTPS_PROXY="https:${_proxy}" > > but this works: > > export https_proxy="http:${_proxy}" > export HTTPS_PROXY="http:${_proxy}" > > and, what fails in Centos8 (still)works in Centos7. First, as others have noted, make sure that if your are using https: to connect to your proxy that that is in fact supported - most are not configured that way. However, I just fixed an issue with podman not working with our local SSL proxy (e2guardian) because podman restricts ciphers to ECDHE and the proxy did not support those ciphers. On EL7 w/ openssl 1.0.2, servers must explicitly enable ECDH(E) support which was not being done. -- Orion Poplawski Manager of NWRA Technical Systems 720-772-5637 NWRA, Boulder/CoRA Office FAX: 303-415-9702 3380 Mitchell Lane orion at nwra.com Boulder, CO 80301 https://www.nwra.com/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3799 bytes Desc: S/MIME Cryptographic Signature URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20200212/ca7738bf/attachment-0007.p7s>