[squid-users] Cant open some HTTPS with Squid 4.8

Alex Rousskov rousskov at measurement-factory.com
Tue Sep 3 13:43:29 UTC 2019

On 9/3/19 7:47 AM, KOTOXJle6 wrote:

> I have this errors in /var/log/squid/cache.log
> /ERROR: negotiating TLS on FD 46: error:1425F175:SSL
> routines:ssl_choose_client_version:inappropriate fallback (1/-1/0)/

According to the discussion linked below, these errors may be "normal":

To confirm that they are normal, you would need to isolate traffic from
the affected client and see whether its previous connection or tunneling
attempt has failed for some reason.

> /ERROR: negotiating TLS on FD 104: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure (1/-1/0)
> /
> /ERROR: negotiating TLS on FD 27: error:1423406E:SSL
> routines:tls_parse_stoc_sct:bad extension (1/-1/0)/

A similar problem was discussed at

If your OpenSSL installation is reasonably fresh, then you will need to
isolate the failure to where you can connect TCP packet samples and/or
Squid debugging logs.



More information about the squid-users mailing list