Hi
Using latest squid 3.4.4 with ssl_bump.
With ssl_bump enabled, I receive an error in cache.log (and the
browser too) while opening the page
'https://www.pubservice.com/Subnew2page.aspx?PC=LJ':
fwdNegotiateSSL: Error negotiating SSL connection on FD 67:
error:00000000:lib(0):func(0):reason(0) (5/-1/104)
I have found two workarounds:
1) Find out, which encryption the SSL-connection is using (curl -s -v
-I -k "https://www.pubservice.com/Subnew2page.aspx?PC=LJ") and search
for "SSL connection using RC4-SHA".
1a) Define 'sslproxy_cipher RC4-SHA' in squid.conf and reload squid
2) Deny ssl_bump for the site mentioned above.
Question:
What encryption types does squid allow per default in sslproxy_cipher?
Why do I need to extend the sslproxy_cipher-directive in some
circumstandes? Why is this site not working with ssl_bump enabled and
the default "sslproxy_cipher"?
Thanks a lot.
Tom
Received on Wed Mar 19 2014 - 08:56:59 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 19 2014 - 12:00:05 MDT