[squid-users] cannot intercept "https://www.elastic.co/"
Murat K
murki777 at yahoo.com
Mon Feb 15 08:15:47 UTC 2016
Hi,I am running squid-3.3.8 (I also tried with Squid 3.5.0.4) on a centos 6.7 machine with openssl-1.0.1e-30.el6.8.x86_64, I have no problem with most of the ssl sites however when I try to connect to "https://www.elastic.co/" browsers cannot render the whole page (tried on windows 8 with chrome, ubuntu mozzilla)
I get below error from cache.log:2016/02/12 17:39:25 kid2| Error negotiating SSL on FD 57: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (1/-1/0)
And below errors from the browser:ReferenceError: jQuery is not defined}(jQuery));GET https://813-mam-392.mktoresp.com/webevents/visitW...chPc=https%3A&_mchVr=151&_mchHa=&_mchRe=&_mchQp= 200 Abortedmunchkin.js (line 10)ReferenceError: $ is not defined$(document).ready(function(){
my squid config is like that:
http_port 0.0.0.0:8080 ssl-bump cert=/var/proxy/https_cert generate-host-certificates=onhttp_port 0.0.0.0:18080 intercept ssl-bump cert=/var/proxy/https_cert generate-host-certificates=onhttps_port 0.0.0.0:18081 intercept ssl-bump cert=/var/proxy/https_cert generate-host-certificates=on
acl no_ssl_interception dstdom_regex "/etc/squid/https_exceptions"ssl_bump none localhostssl_bump none no_ssl_interception ssl_bump server-first allacl https_proto proto httpsalways_direct allow https_protosslproxy_cert_error allow allsslproxy_flags DONT_VERIFY_PEER
what can cause this?And another problem, I cannot bypass some sites defined in the "/etc/squid/https_exceptions" file from https interception like "https://api.nuget.org/v3/ ", what can cause this?
thanks a lot,Murat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160215/95ee7ca9/attachment-0001.html>
More information about the squid-users
mailing list