[squid-users] Squid 4.3: SSL Bump fails to send client certificate

Sid SIDDH05 at gmail.com
Fri Nov 2 09:47:56 UTC 2018


Thank you Amos and Alex for great help & support so far.

As per the suggestions, I have added a lot more parameters in squid.conf for both
the "http" & "tls_outgoing_options" directives:

http_port 3128 ssl-bump \
  tls-cert=/usr/local/squid/etc/ssl_cert/myCA.pem \
  cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!DH:!ADH \
  options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \
  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
  tls-cafile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
  tls-dh=prime256v1:/usr/local/squid/etc/dhparam.pem \
  tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem

tls_outgoing_options \
   default-ca=off \
   cafile=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem \
   options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \
   cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!DH:!ADH \
   flags=DONT_VERIFY_DOMAIN \
   flags=DONT_VERIFY_PEERi \
   min-version=1.2

Now, when I look into Wireshark between Server <--> Squid, I no longer see
error: 61 Alert (Level: Fatal, Description: Internal Error) sent by Squid.

The only issue is that Squid sends:
2018-11-02_151705.jpg
<http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377591/2018-11-02_151705.jpg>  

How can I make Squid send the certificate in it?





