[squid-users] Unliked SSL cipher

turgut kalfaoğlu turgut at kalfaoglu.com
Thu Apr 20 04:44:21 UTC 2017 

On 04/19/2017 06:44 PM, dijxie at gmail.com wrote:
> Do you recieve the same error while connecting to 
> https://www.wikipedia.org?
Yes I do.

I also tried to connect to the IP address as well; and that gives me the 
same error.
The browser didn't say anything; it was squid that complained.
Regards,
  -turgut


>
> If you connect to https://91.198.174.192/* directly, your browser 
> schould warn you about ssl issue; that is because of:
>
> CN = *.wikipedia.org
>
> SAN=
> *.wikipedia.org
> wikipedia.org
> *.m.wikipedia.org
> *.zero.wikipedia.org
> wikimedia.org
> *.wikimedia.org
> *.m.wikimedia.org
> *.planet.wikimedia.org
> mediawiki.org
>
> This certificate is not allowed to be used with IP address (which is 
> common) and that is the issue I suppose. Certificate is V3 sha256, 
> which is... perfectly normal.
>
> On 2017-04-19 08:49, turgut kalfaoğlu wrote:
>>
>> Hi. Can I ask for assistance solving this problem. Many thanks!
>>
>> Fedora # rpm -qa|grep squid
>> squid-4.0.17-1.fc25.x86_64
>> # uname -a
>> Linux www.kalfaoglu.net 4.10.10-200.fc25.x86_64 #1 SMP Thu Apr 13 
>> 01:11:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>>
>>
>>   ERROR
>>
>>
>>     The requested URL could not be retrieved
>>
>> ------------------------------------------------------------------------
>>
>> The following error was encountered while trying to retrieve the URL: 
>> https://91.198.174.192/*
>>
>>     *Failed to establish a secure connection to 91.198.174.192*
>>
>> The system returned:
>>
>>     (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
>>
>>     Handshake with SSL server failed: error:140920F8:SSL
>>     routines:ssl3_get_server_hello:unknown cipher returned
>>
>> This proxy and the remote host failed to negotiate a mutually 
>> acceptable security settings for handling your request. It is 
>> possible that the remote host does not support secure connections, or 
>> the proxy is not satisfied with the host security credentials.
>>
>> Your cache administrator is root 
>> <mailto:root?subject=CacheErrorInfo%20-%20ERR_SECURE_CONNECT_FAIL&body=CacheHost%3A%20proxy%0D%0AErrPage%3A%20ERR_SECURE_CONNECT_FAIL%0D%0AErr%3A%20%2871%29%20Protocol%20error%0D%0ATimeStamp%3A%20Wed,%2019%20Apr%202017%2006%3A46%3A00%20GMT%0D%0A%0D%0AClientIP%3A%20192.168.1.194%0D%0AServerIP%3A%2091.198.174.192%0D%0A%0D%0AHTTP%20Request%3A%0D%0ACONNECT%20%2F%20HTTP%2F1.1%0AHost%3A%2091.198.174.192%0D%0A%0D%0A%0D%0A>.
>>
>>
>> ------------------------------------------------------------------------
>>
>> Generated Wed, 19 Apr 2017 06:46:00 GMT by proxy (squid/4.0.17)
>>
>>
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
>

More information about the squid-users mailing list