[squid-users] HTTPS Settings

Alex Rousskov rousskov at measurement-factory.com
Fri Dec 14 16:04:49 UTC 2018

On 12/13/18 9:39 PM, John Refwe wrote:

> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all

> There are a few websites, one of which is https://opts.ssa.gov where
> I get an error I'm having trouble understanding in the logs.

Does an OpenSSL s_client test work for that site, from your Squid box?
It works for me, but your environment may be different:

$ openssl s_client --servername opts.ssa.gov --connect opts.ssa.gov:443

> Am I running into a known limitation of server-first bumping?

Why do you say "server-first bumping"? The Squid configuration you
posted does not use server-first bumping. It uses step2 bumping, which
is a completely different animal.

Collecting a packet sample from the broken transaction (client-Squid and
Squid-server packets, in all four directions), like Amos has suggested,
is a good next step, especially if you cannot reproduce with s_client.


More information about the squid-users mailing list