[squid-users] Ubuntu 20.04 "apt update" issues behind a VPN and Squid proxy
Amos Jeffries
squid3 at treenet.co.nz
Sun Jul 18 06:43:28 UTC 2021
On 16/07/21 4:38 pm, David Mills wrote:
> Hi Amos,
>
> sorry for the big delay here - I've had lots of other things to attend
> to. It turned on the logging you suggested. For a failed "apt update"
> attempt on the client I get the following attached access.log and cache.log.
>
> Are any of the lines
>
> 2021/07/16 04:28:01.423 kid1| 83,5| bio.cc(396) adjustSSL: Extension
> 13 does not supported!
>
> ...
>
> 20212021/07/16 04:28:32.465 kid1| 83,2| client_side.cc(3749)
> Squid_SSL_accept: Error negotiating SSL connection on FD 11: Aborted
> by client: 5
> ...
>
> 2021/07/16 04:28:02.452 kid1| Error negotiating SSL on FD 17:
> error:140920F8:SSL routines:ssl3_get_server_hello:unknown cipher
> returned (1/-1/0)
>
> ...
>
> 2021/07/16 04:28:01.413 kid1| 83,2| client_side.cc(4293)
> clientPeekAndSpliceSSL: SSL_accept failed.
>
>
> important?
>
Very. It means the libssl Squid is built with and using is not able to
understand the TLS the server is sending.
Squid-4 should be more tolerant of this particular issue, or at least
able to follow the on_unsupported_protocol directive when it is encountered.
Older Squid depend more directly on the library TLS parsing - which
cannot handle unknown values well.
Amos
More information about the squid-users
mailing list