[squid-users] Error Negotiating SSL on FD 22 with chrome
Amos Jeffries
squid3 at treenet.co.nz
Thu Feb 4 04:59:03 UTC 2016
On 4/02/2016 4:11 p.m., xxiao8 wrote:
> I'm running squid/3.5.13/sslbump/intercept and saw the below when
> visiting gmail.com from Chrome 48, gmail.com can not be opened.
>
> However Firefox works fine, no errors in the log, gmail.com opens as
> expected.
>
> Error in the log:
> ==============
> Error negotiating SSL on FD 22:
> error:140920F8:lib(20):func(146):reason(248)
> ==============
>
> So, is this because of Chrome enforced ssl-pinning on google sites? I
> can open www.google.com under Chrome just fine though not the rest
> Google sites(gmail,youtube,etc). Again, Firefox has no such issues.
No. That error mssages is output when Squid hits a problem attempting to
do TLS handshake to the server or peer.
It may be caused by what Chrome is sending to Squid (and thus affecting
what Squid emits to the server), but its not pinning related unless they
have drastically changed the pinning algorithms. Pinning shows up as a
client connecting, being bumped (splice works okay AFAIK), then suddenly
disconnecting/aborting.
Amos
More information about the squid-users
mailing list