[squid-users] can't access https://www.finanzamt.bayern.de/ with sslbump (other sites works well)
Amos Jeffries
squid3 at treenet.co.nz
Wed Jan 9 12:25:09 UTC 2019
On 9/01/19 5:52 am, Dieter Bloms wrote:
> Hello,
>
> I've compiled squid 4.5 with openssl1.1 as shipped with debian9.
> Sslbump works fine for all sides, but I can't access only one site
> https://www.finanzamt.bayern.de/
> and don't know the reason.
> Ssllabs gives "A".
That means they are using "Good Practice" with their use of TLS. The
better they use TLS the less likely that SSL-Bump works.
...
> The access.log looks like:
>
> --snip--
> 1546962078.461 4726 x.x.x.x NONE/200 0 CONNECT www.finanzamt.bayern.de:443 - HIER_DIRECT/193.34.207.31 -
> 1546962078.472 0 x.x.x.x NONE/500 8495 GET https://www.finanzamt.bayern.de/ - HIER_NONE/- text/html
> --snip--
>
> no entries in cache.log
>
> Can anybody try this site to see whether it is my local installation, or the webserver.
>
Please check your cache.log and the 500-status error page message to
find out what the problem is. TLS is such a complicated system that it
is unlikely others will be able to see the reason your system is failing
with the very few details you have provided.
Amos
More information about the squid-users
mailing list