[squid-users] SSL handshake

Vieri rentorbuy at yahoo.com
Tue Jul 27 15:45:52 UTC 2021


Hi,

Just recently I've noticed that LAN clients going through Squid with sslbump are all of a sudden unable to access certain HTTPS sites such as login.yahoo.com.
The squid log has lines like:

kid1| 4,3| Error.cc(22) update: recent: ERR_SECURE_CONNECT_FAIL/SQUID_ERR_SSL_HANDSHAKE+TLS_LIB_ERR=1423506E+TLS_IO_ERR=1

and the client error page shows a line like this:

SQUID_TLS_ERR_CONNECT+TLS_LIB_ERR=14094410+TLS_IO_ERR=1

I'm not sure why the lib error code is different. I might not have tracked down the right connection in the log.

I have not changed anything in the OS so it might be because of change in the remote web service.
It might be that my openssl version is already too old (1.1.1g), and that the web site forces the use of an unsupported cypher?

Regards,

Vieri


More information about the squid-users mailing list