[squid-users] A bunch of SSL errors I am not sure why
Amos Jeffries
squid3 at treenet.co.nz
Sun Jan 15 07:14:55 UTC 2017
On 15/01/2017 2:25 p.m., Sameh Onaissi wrote:
> Hello,
>
> I assume bypassed are non intercepted?
That depends on whether the bypass is bypassing interception or
something else.
> Once the site IP is on the bypass list, it opened without an issue.
There are a few other .gov.co<http://gov.co> sites who have the same
problem too.
>
> Attached is a screenshot of the error before I added the site to the bypass list.
>
If you actually read that error message it tells you exactly what the
problem is.
"Handshake with SSL server failed: [blah blah codes]: dh key too small"
The server is trying to use a Diffi-Helman cipher with a too-short key.
DH cipher with short keys has recently been broken. By recently I mean
about a whole year ago.
Amos
More information about the squid-users
mailing list