[squid-users] SSL bump not working w/some sites.
L. A. Walsh
squid-user at tlinx.org
Mon Nov 7 18:59:47 UTC 2016
I have the SSL bump feature set up and so far have been happy with
it, but today, I got an error from a website, saying they detect my
ability to monitor my web traffic and refuse to allow it:

The following error was encountered while trying to retrieve the URL:

Failed to establish a secure connection to 126.96.36.199

The system returned:

(71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized use only/CN=Entrust Root Certification Authority - G2

This proxy and the remote host failed to negotiate a mutually acceptable
security settings for handling your request. It is possible that the
remote host does not support secure connections, or the proxy is not
satisfied with the host security credentials.

Your cache administrator is webmaster.

How are they detecting and how can I disable their ability to detect
my local setup?

If they can detect SSLbumping, so can every other
site using HTTPS, which will eventually lead to ALL sites checking the
connection settings for some "purported" reason of "protecting me"...

Thanks for any good workarounds...
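Added example, not part of the original post and not Squid's own code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN is OpenSSL verify error 19, raised by the side doing the verification when the presented chain ends in a self-signed root that is absent from its own trust store. The script reproduces that offline with constructed certificates and shows the same chain being accepted once the root is in the verifier's CA file; the names `origin.example`, `new_root`, `make_chain` and `verify_as_proxy` are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Constructed, offline reproduction: every key and certificate is generated
# here and nothing contacts a real site. All names are assumptions.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_root NAME: create a throwaway self-signed root CA in $work/NAME.pem
new_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed $1 CA" \
    -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# make_chain: the origin's root, an unrelated root the proxy already trusts,
# and a server certificate for origin.example issued by the origin's root.
make_chain() {
  new_root root
  new_root other
  openssl req -newkey rsa:2048 -nodes -subj "/CN=origin.example" \
    -keyout "$work/leaf.key" -out "$work/leaf.csr" 2>/dev/null
  openssl x509 -req -in "$work/leaf.csr" -days 1 \
    -CA "$work/root.pem" -CAkey "$work/root.key" -CAcreateserial \
    -out "$work/leaf.pem" 2>/dev/null
}

# verify_as_proxy TRUSTFILE: validate the chain the origin presents (leaf plus
# its root, passed as untrusted input) against TRUSTFILE. Prints the OpenSSL
# verify error number, or 0 when the chain is accepted.
verify_as_proxy() {
  out=$(openssl verify -CAfile "$1" -untrusted "$work/root.pem" \
        "$work/leaf.pem" 2>&1 || true)
  case $out in
    *": OK"*) echo 0 ;;
    *) printf '%s\n' "$out" |
         sed -n 's/.*error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
  esac
}

make_chain
echo "root missing from proxy trust store: $(verify_as_proxy "$work/other.pem")"
echo "root present in proxy trust store:   $(verify_as_proxy "$work/root.pem")"
```
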