[squid-users] fi.se ssl bump error

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 30 10:03:01 UTC 2018


On 30/11/18 12:16 pm, John Refwe wrote:
> Hi,
>  
> I'm encountering an SSL bump error when going
> to https://www.finansinspektionen.se/
>  
> The error is similar in nature
> to http://squid-web-proxy-cache.1019090.n4.nabble.com/Message-with-SSL-bump-with-a-specific-site-td4686867.html

TLS is a complex protocol. "Similar to" is not enough to be accurate.

Did you do what I suggested in that thread to more closely identify what
was actually happening?

>  
> I took a packet capture and it didn't explain anything beyond what is
> discussed in the above thread. I could readily reproduce it with both
> squid 3.5 and squid 4.0. Interestingly, when I did an openssl s_client
> to the domain and then pasted: 
> GET / HTTP/1.1
> Host: www.finansinspektionen.se
> Connection: keep-alive
>  
> Things seemed to work. So, it doesn't immediately seem to be an openssl
> issue?
>  

The test only shows that the default parameters your OpenSSL library
wants to use will work.

The parameters of the handshake outgoing from Squid are mediated by
settings the client uses and anything you have forced limits on through
squid.conf settings.


> Is anyone able to reproduce this / maybe provide a little bit of insight
> as to what might be happening?
>  

Not from those clues.

Amos
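
The point made in the reply above, that a test with library defaults exercises a different handshake than a constrained one, shown as an added example (not part of the original message and not Squid code). It builds the ClientHello offline for a default context and for a restricted one; the hostname `example.test` and the cipher string are constructed stand-ins for whatever limits a client or proxy configuration imposes.

```python
import ssl

def offered_cipher_suites(ctx, hostname="example.test"):
    """Return the cipher-suite code points in the ClientHello ctx would send."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()      # no peer: writes the ClientHello, then wants input
    except ssl.SSLWantReadError:
        pass
    hello = outgoing.read()
    if len(hello) < 44 or hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a ClientHello record")
    pos = 5 + 4 + 2 + 32        # record hdr, handshake hdr, version, random
    pos += 1 + hello[pos]       # session_id length byte plus session_id
    n = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + n]
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, n, 2)]

def default_context():
    # What a plain test with library defaults would offer.
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def restricted_context():
    # Assumption: stands in for a handshake limited by client or proxy settings.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256")
    return ctx

def compare():
    """Suites only the default hello offers, and everything the restricted one offers."""
    default = set(offered_cipher_suites(default_context()))
    restricted = set(offered_cipher_suites(restricted_context()))
    return sorted(default - restricted), sorted(restricted)

if __name__ == "__main__":
    only_default, restricted = compare()
    print("offered only by the default hello:", [hex(s) for s in only_default])
    print("offered by the restricted hello:  ", [hex(s) for s in restricted])
```

A server that accepts the first hello can still reject the second, so a successful run with defaults says nothing about the constrained handshake.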

