[squid-users] SSL errors with Squid 3.5.27

L.P.H. van Belle belle at bazuin.nl
Wed Jun 13 08:19:41 UTC 2018


Hai, 

I would say facebook protected there certificates with TSLA. 
Then you cant use ssl bump if im correct. 

Greetz, 

Louis 

> -----Oorspronkelijk bericht-----
> Van: squid-users 
> [mailto:squid-users-bounces at lists.squid-cache.org] Namens 
> Julian Perconti
> Verzonden: dinsdag 12 juni 2018 21:55
> Aan: squid-users at lists.squid-cache.org
> Onderwerp: Re: [squid-users] SSL errors with Squid 3.5.27
> 
> >Interesting.
> >
> >The main issue was that you configured only params for the 
> Diffi-Helman (DH and DHE) ciphers - no >curve name. That 
> meant your specified EEC* ciphers were disabled since they 
> require a curve name as >well.
> >
> >Removing this option completely disables both DH and ECDH 
> cipher types.
> >Leaving your proxy with only the RSA based ciphers.
> >
> >Amos
> 
> kid1| Error negotiating SSL on FD 60: error:14007086:SSL 
> routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
> 
> Hi Amos,
> 
> I still have no look to connect with WhatsApp from iOS.
> 
> How do I can track this error?:
> 
> kid1| Error negotiating SSL on FD 60: error:14007086:SSL 
> routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
> 
> I mean examine the FD, ...or.. what? How? Because from iOS i 
> cant see any error, it just tries to connect indefinitely.
> 
> Some whatsapp/Facebook server with the command:
> 
> Openssl s_client -connect -showcerts x.x.x.x:443 
> 
> Does not shows any cert and establishes a connection with TLS 1.2...
> 
> Any idea?
> 
> Thank You
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 



More information about the squid-users mailing list