[squid-users] transparent proxy upgrade 3.5 to 4.12, Error parsing SSL Server Hello Message on FD XX

Tanner tannmann at gmail.com
Mon Jun 22 14:50:41 UTC 2020


I have squid set up as a transparent outbound proxy using version 3.5. When
upgrading to 4.12, I am seeing an error "Error parsing SSL Server Hello
Message on FD XX" that did not happen before. Here is my config:

http_port 3129 intercept
cache_effective_user squid
cache_effective_group squid
workers 1
acl CONNECT method CONNECT
acl allowed_http_sites dstdom_regex "/etc/squid/outbound_whitelist.txt"
http_access allow allowed_http_sites
acl allowed_networks src 10.0.0.0/8
acl allowed_networks src 172.0.0.0/8
https_port 3130 intercept ssl-bump cert=/etc/squid/ssl/squid.pem
acl SSL_port port 443
http_access allow SSL_port
acl allowed_https_sites ssl::server_name_regex "/etc/squid/outbound_whitelist.txt"
acl step3 at_step SslBump3
ssl_bump peek all
ssl_bump splice step3 allowed_https_sites
ssl_bump terminate all
cache deny all
http_access deny all
shutdown_lifetime 0
pid_filename /var/run/squid.pid
log_mime_hdrs on
logfile_rotate 2
access_log stdio:/dev/stdout
cache_log stdio:/dev/stderr

Previous to 4.12, if I tried to upgrade to any v4 or v5 of squid, I would
get an issue with "inappropriate fallback" when going to some sites
supporting TLS 1.3 (but not all). This appears to have been resolved, but
this "Error parsing SSL Server Hello Message" is new. Is there something
that should change in my config? Can anyone tell me what this error means?

Thanks,

Tanner