Description of problem: Repository sync via HTTPS proxy fails with error Cannot connect to host proxy_url:port ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] in Red Hat Satellite 7.0 but manifest operation works fine. Version-Release number of selected component (if applicable): Satellite 7.0 (Snap 9) + RHEL 7 How reproducible: 100% Steps to Reproduce: 1. Install and Configure a Red Hat Satellite 7 server. 2. Deploy a squid proxy with HTTPS based authentication (Username testuser and password Password@123 ) 3. Configure that proxy in Satellite to be used as the Default HTTP proxy for content syncing and manifest operations. 4. Test following actions : * Add subscriptions to manifest * Refresh Manifest * Check if Repository listing is available or not from Content --> RedHat Repositories page and also see if available release versions are being displayed for rhel-7-server-rpms or not * Try syncing any Redhat or Custom repo, Actual results: Every else will be working excpet the last point i.e. Repo sync. Error from foreman logs: ~~~ 2022-02-14T04:45:32 [I|app|ddc6c5af] Started POST "/katello/sync_management/sync" for 10.74.9.134 at 2022-02-14 04:45:32 -0500 2022-02-14T04:45:33 [I|app|ddc6c5af] Processing by Katello::SyncManagementController#sync as JS 2022-02-14T04:45:33 [I|app|ddc6c5af] Parameters: {"utf8"=>"✓", "sync_status_url"=>"", "repoids"=>["13"], "commit"=>"Synchronize Now"} 2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: , id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: pending 2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planning 2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: planned 2022-02-14T04:45:33 [I|app|ddc6c5af] Completed 200 OK in 500ms (Views: 0.3ms | ActiveRecord: 32.6ms | Allocations: 131668) 2022-02-14T04:45:33 [I|bac|ddc6c5af] Task {label: Actions::Katello::Repository::Sync, id: eac8b73a-8abd-4a8f-ab95-2b119a5bc05d, execution_plan_id: 4be78dfa-24c3-4a6d-9b67-0a7bb9c42ddc} state changed: running 2022-02-14T04:45:42 [E|bac|ddc6c5af] Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)] (Katello::Errors::Pulp3Error) ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:108:in `block in check_for_errors' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `each' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:106:in `check_for_errors' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:160:in `poll_external_task' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:100:in `poll_external_task_with_rescue' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/polling.rb:22:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/cancellable.rb:14:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/pulp3/abstract_async_task.rb:10:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action.rb:582:in `block (3 levels) in execute_run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:32:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `block in run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:40:in `block in as_remote_user' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/models/katello/concerns/user_extensions.rb:21:in `cp_config' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:27:in `as_cp_user' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:39:in `as_remote_user' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/katello-4.3.0.2/app/lib/actions/middleware/remote_action.rb:16:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:14:in `block in run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/activesupport-6.0.3.7/lib/active_support/execution_wrapper.rb:88:in `wrap' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/foreman-tasks-5.2.1/app/lib/actions/middleware/rails_executor_wrap.rb:13:in `run' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:23:in `call' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware/stack.rb:27:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/middleware.rb:19:in `pass' ddc6c5af | /opt/theforeman/tfm/root/usr/share/gems/gems/dynflow-1.6.1/lib/dynflow/action/progress.rb:31:in `with_progress_calculation' ~~~ Error from Pulp logs: ~~~ eb 14 04:45:40 satellite7 pulpcore-worker-2: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)]) Feb 14 04:45:40 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:INFO: Backing off download_wrapper(...) for 1.2s (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)]) Feb 14 04:45:41 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:41 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 666 "-" "OpenAPI-Generator/3.16.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-worker-2: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)]) Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: backoff:ERROR: Giving up download_wrapper(...) after 5 tries (aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)]) Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO: Task 6e00d4d3-007d-41f0-86e3-e14904df789a failed (Cannot connect to host 10.74.xxx.yy:3128 ssl:default [[SSL: UNKNOWN_PROTOCOL] unknown protocol (_ssl.c:1131)]) Feb 14 04:45:42 satellite7 pulpcore-worker-2: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: pulpcore.tasking.pulpcore_worker:INFO: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/tasking/pulpcore_worker.py", line 377, in _perform_task Feb 14 04:45:42 satellite7 pulpcore-worker-2: result = func(*args, **kwargs) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 453, in synchronize Feb 14 04:45:42 satellite7 pulpcore-worker-2: remote_url = fetch_remote_url(remote) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 282, in fetch_remote_url Feb 14 04:45:42 satellite7 pulpcore-worker-2: get_repomd_file(remote, normalized_remote_url) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/tasks/synchronizing.py", line 240, in get_repomd_file Feb 14 04:45:42 satellite7 pulpcore-worker-2: return downloader.fetch() Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/base.py", line 180, in fetch Feb 14 04:45:42 satellite7 pulpcore-worker-2: return done.pop().result() Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 259, in run Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await download_wrapper() Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/backoff/_async.py", line 133, in retry Feb 14 04:45:42 satellite7 pulpcore-worker-2: ret = await target(*args, **kwargs) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulpcore/download/http.py", line 255, in download_wrapper Feb 14 04:45:42 satellite7 pulpcore-worker-2: return await self._run(extra_data=extra_data) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib/python3.8/site-packages/pulp_rpm/app/downloaders.py", line 114, in _run Feb 14 04:45:42 satellite7 pulpcore-worker-2: async with self.session.get( Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 1117, in __aenter__ Feb 14 04:45:42 satellite7 pulpcore-worker-2: self._resp = await self._coro Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/client.py", line 520, in _request Feb 14 04:45:42 satellite7 pulpcore-worker-2: conn = await self._connector.connect( Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 535, in connect Feb 14 04:45:42 satellite7 pulpcore-worker-2: proto = await self._create_connection(req, traces, timeout) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 890, in _create_connection Feb 14 04:45:42 satellite7 pulpcore-worker-2: _, proto = await self._create_proxy_connection(req, traces, timeout) Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1073, in _create_proxy_connection Feb 14 04:45:42 satellite7 pulpcore-worker-2: transport, proto = await self._create_direct_connection( Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1051, in _create_direct_connection Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise last_exc Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 1020, in _create_direct_connection Feb 14 04:45:42 satellite7 pulpcore-worker-2: transp, proto = await self._wrap_create_connection( Feb 14 04:45:42 satellite7 pulpcore-worker-2: File "/opt/theforeman/tfm-pulpcore/root/usr/lib64/python3.8/site-packages/aiohttp/connector.py", line 973, in _wrap_create_connection Feb 14 04:45:42 satellite7 pulpcore-worker-2: raise ClientConnectorSSLError(req.connection_key, exc) from exc Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/tasks/6e00d4d3-007d-41f0-86e3-e14904df789a/ HTTP/1.1" 200 3869 "-" "OpenAPI-Generator/3.16.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/contentguards/certguard/rhsm/?name=RHSMCertGuard HTTP/1.1" 200 2800 "-" "OpenAPI-Generator/1.5.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/contentguards/certguard/rhsm/730e2691-c9b5-48db-b510-68d1b806b5f5/ HTTP/1.1" 200 2748 "-" "OpenAPI-Generator/1.5.0/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "GET /pulp/api/v3/distributions/rpm/rpm/?base_path=RedHat%2FLibrary%2Fcontent%2Fdist%2Frhel%2Fserver%2F7%2F7Server%2Fx86_64%2Fansible%2F2.9%2Fos HTTP/1.1" 200 728 "-" "OpenAPI-Generator/3.16.1/ruby" Feb 14 04:45:42 satellite7 pulpcore-api: pulp [ddc6c5af-cb5e-489d-9929-850a10ecca0d]: - - [14/Feb/2022:09:45:42 +0000] "PATCH /pulp/api/v3/distributions/rpm/rpm/e65323cc-e31c-4076-b132-3c128ad94d5b/ HTTP/1.1" 202 67 "-" "OpenAPI-Generator/3.16.1/ruby" ~~~ Expected results: Repo sync should get successfully completed while using HTTPS proxy with Satellite 7.0 Additional info: NA