[squid-users] HTTPS Settings
rousskov at measurement-factory.com
Fri Dec 14 16:04:49 UTC 2018
On 12/13/18 9:39 PM, John Refwe wrote:
> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all
> There are a few websites, one of which is https://opts.ssa.gov where
> I get an error I'm having trouble understanding in the logs.
Does an OpenSSL s_client test work for that site, from your Squid box?
It works for me, but your environment may be different:
$ openssl s_client --servername opts.ssa.gov --connect opts.ssa.gov:443
> Am I running into a known limitation of server-first bumping?
Why do you say "server-first bumping"? The Squid configuration you
posted does not use server-first bumping. It uses step2 bumping, which
is a completely different animal.
Collecting a packet sample from the broken transaction (client-Squid and
Squid-server packets, in all four directions), like Amos has suggested,
is a good next step, especially if you cannot reproduce with s_client.
More information about the squid-users