[squid-users] after changed from 3.4.13 to 3.5.8 sslbump doesn't work for the site https://banking.postbank.de/
Marcus Kool
marcus.kool at urlfilterdb.com
Sat Sep 26 23:37:50 UTC 2015
On 09/26/2015 03:03 PM, Dieter Bloms wrote:
> Hallo Marcus,
>
> On Thu, Sep 17, Marcus Kool wrote:
>
>> I just tried accessing https://banking.postbank.de/
>> using Squid 3.5.8 and Chrome.
>> I also got the ERR_CONNECTION_CLOSED error.
>
> thank you for testing, so I think the fault is not my config.
> May it be a bug in squid or openssl, or maybe the webserver ?
The webserver has an error: it must supply the complete certificate chain but it sends only one certificate.
Squid has correctly implemented the web standards and refuses to use the incomplete certificate chain.
Most browsers fix the problem caused by web servers by downloading the missing certificates.
This is not defined in a relevant standard but very handy.
As I described in my previous post, you can fix this webserver problem by the appropriate ACL in squid.conf
and you may also send a complaint to the webmaster responsible for the faulty webserver.
Marcus
More information about the squid-users
mailing list