[squid-users] Error Message alert handshake failure

Amos Jeffries squid3 at treenet.co.nz
Wed Aug 29 16:54:58 UTC 2018


On 30/08/18 2:16 AM, Walter H. wrote:
> Hello,
> 
> what does this message
> 
> 2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22:
> error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure (1/-1/0)
> 
> in cache.log mean?

The OpenSSL used by your proxy is attempting to negotiate some feature
of TLS/SSL the remote server does not like (e.g. SSLv3). The remote
server is rejecting the TLS connection. Probably because there is no
alternative feature that it will accept from the one(s) the proxy is
requesting.

If this is happening during a regular proxy->server connection then
likely your OpenSSL config settings need adjusting or library upgrading.

If this is happening during SSL-Bump, that is commonly seen when an admin
attempts to restrict the available features to only the modern "safe"
ciphers etc. Only the set which are *also* supported by the client can
be negotiated with the server.


Amos
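
Added example, not part of the original message and not Squid or OpenSSL code: a small decoder for the packed error code in the quoted cache.log line, showing from the number itself that the failure is an alert sent by the remote peer. It assumes the OpenSSL 1.x error layout (8-bit library, 12-bit function, 12-bit reason); the function and variable names are hypothetical.

```python
import re

# Bit layout of a packed OpenSSL 1.x error code (ERR_PACK):
# 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 0x14          # "SSL routines"
ALERT_REASON_OFFSET = 1000  # SSL reasons >= 1000 mean "alert received from peer"

# TLS alert descriptions (RFC 5246, section 7.2), subset.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 46: "certificate_unknown", 47: "illegal_parameter",
    48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 112: "unrecognized_name",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^(\n]+)")

def decode_error_line(line):
    """Return a dict describing the OpenSSL error in a cache.log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    # For the SSL library, reason = 1000 + alert number when the peer sent it.
    from_peer = lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET
    alert = reason - ALERT_REASON_OFFSET if from_peer else None
    return {
        "lib": lib, "func": func, "reason": reason,
        "where": m.group(3).strip(),   # OpenSSL function that reported it
        "text": m.group(4).strip(),    # OpenSSL's reason string
        "alert_from_peer": from_peer,
        "alert_number": alert,
        "alert_name": TLS_ALERTS.get(alert) if from_peer else None,
    }

# The log line quoted in the message above, joined back onto one line.
SAMPLE = ("2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22: "
          "error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
          "sslv3 alert handshake failure (1/-1/0)")

if __name__ == "__main__":
    info = decode_error_line(SAMPLE)
    side = "remote peer sent alert" if info["alert_from_peer"] else "local OpenSSL error"
    print(f'{info["where"]}: {side} {info["alert_number"]} ({info["alert_name"]})')
```

The "sslv3" prefix in the reason string is how OpenSSL names alerts that have existed since SSLv3; it does not by itself show which protocol version was on the wire. Alert 40 also does not say which offered parameter the server refused, so the proxy's protocol and cipher settings still have to be compared against what the server accepts.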

