[squid-users] Unliked SSL cipher

dijxie at gmail.com dijxie at gmail.com
Wed Apr 19 15:44:43 UTC 2017 

Do you recieve the same error while connecting to  
https://www.wikipedia.org?

If you connect to https://91.198.174.192/* directly, your browser 
schould warn you about ssl issue; that is because of:

CN = *.wikipedia.org

SAN=
*.wikipedia.org
wikipedia.org
*.m.wikipedia.org
*.zero.wikipedia.org
wikimedia.org
*.wikimedia.org
*.m.wikimedia.org
*.planet.wikimedia.org
mediawiki.org

This certificate is not allowed to be used with IP address (which is 
common) and that is the issue I suppose. Certificate is V3 sha256, which 
is... perfectly normal.

On 2017-04-19 08:49, turgut kalfaoğlu wrote:
>
> Hi. Can I ask for assistance solving this problem. Many thanks!
>
> Fedora # rpm -qa|grep squid
> squid-4.0.17-1.fc25.x86_64
> # uname -a
> Linux www.kalfaoglu.net 4.10.10-200.fc25.x86_64 #1 SMP Thu Apr 13 
> 01:11:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>
>
>   ERROR
>
>
>     The requested URL could not be retrieved
>
> ------------------------------------------------------------------------
>
> The following error was encountered while trying to retrieve the URL: 
> https://91.198.174.192/*
>
>     *Failed to establish a secure connection to 91.198.174.192*
>
> The system returned:
>
>     (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
>
>     Handshake with SSL server failed: error:140920F8:SSL
>     routines:ssl3_get_server_hello:unknown cipher returned
>
> This proxy and the remote host failed to negotiate a mutually 
> acceptable security settings for handling your request. It is possible 
> that the remote host does not support secure connections, or the proxy 
> is not satisfied with the host security credentials.
>
> Your cache administrator is root 
> <mailto:root?subject=CacheErrorInfo%20-%20ERR_SECURE_CONNECT_FAIL&body=CacheHost%3A%20proxy%0D%0AErrPage%3A%20ERR_SECURE_CONNECT_FAIL%0D%0AErr%3A%20%2871%29%20Protocol%20error%0D%0ATimeStamp%3A%20Wed,%2019%20Apr%202017%2006%3A46%3A00%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.194%0D%0AServerIP%3A%2091.198.174.192%0D%0A%0D%0AHTTP%20Request%3A%0D%0ACONNECT%20%2F%20HTTP%2F1.1%0AHost%3A%2091.198.174.192%0D%0A%0D%0A%0D%0A>.
>
>
> ------------------------------------------------------------------------
>
> Generated Wed, 19 Apr 2017 06:46:00 GMT by proxy (squid/4.0.17)
>
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users


--

More information about the squid-users mailing list