[squid-users] SSL bump not working w/some sites.

L. A. Walsh squid-user at tlinx.org
Mon Nov 7 18:59:47 UTC 2016

I have the SSL bump feature setup and so far have been happy with
it, but today, I got an error from a website, saying they detect my
ability to monitor my webtraffic and refuse to allow it:

The following error was encountered while trying to retrieve the URL: 

    Failed to establish a secure connection to

The system returned:

    (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

    Self-signed SSL Certificate in chain: /C=US/O=Entrust, Inc./OU=See 
www.entrust.net/legal-terms/OU=(c) 2009 Entrust, Inc. - for authorized 
use only/CN=Entrust Root Certification Authority - G2

This proxy and the remote host failed to negotiate a mutually acceptable 
security settings for handling your request. It is possible that the 
remote host does not support secure connections, or the proxy is not 
satisfied with the host security credentials.

Your cache administrator is webmaster.

How are they detecting and how can I disable their ability to detect
my local setup? 

If they can detect SSLbumping, so can every other
site using HTTPS, which will eventually lead to ALL sites checking the
connection settings for some "purported" reason of "protecting me"...

Thanks for any good workarounds...

More information about the squid-users mailing list