<div dir="ltr"><div style="font-size:12.8000001907349px"><font face="georgia, serif">Hi,</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">I have successfully configured SSLBump Peek and Splice in my transparent proxy and it is working as expected except in Internet explorer.</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">For example, in IE version 8, getting an error given below,</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">Handshake with SSL server failed: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">Below is squid.conf,</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">visible_hostname <a href="http://mysite.com/" target="_blank">mysite.com</a></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">httpd_suppress_version_string on</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">via off</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">forwarded_for delete</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">deny_info <a href="http://192.168.3.33/error.html" target="_blank">http://192.168.3.33/error.html</a> blockfiles</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl lan src <a href="http://192.168.4.0/24" target="_blank">192.168.4.0/24</a> <a href="http://192.168.6.0/24" target="_blank">192.168.6.0/24</a> <a href="http://192.168.3.0/24" target="_blank">192.168.3.0/24</a></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access allow lan</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl SSL_ports port 443</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 80 # http</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 21 # ftp</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 443 # https</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 70 # gopher</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 210 # wais</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 1025-65535 # unregistered ports</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 280 # http-mgmt</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 488 # gss-http</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 591 # filemaker</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl Safe_ports port 777 # multiling http</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl CONNECT method CONNECT</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">strip_query_terms off</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access allow manager localhost</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access deny manager</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access deny !Safe_ports</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access deny CONNECT !SSL_ports</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_access deny all</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">sslproxy_flags DONT_VERIFY_PEER DONT_VERIFY_DOMAIN</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl disable-ssl-bump ssl::server_name "/etc/squid/no-ssl-bump.acl"</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl BadSite ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">sslproxy_cert_error allow BadSite</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl step1 at_step SSLBump1</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl step2 at_step SSLBump2</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">acl step3 at_step SSLBump3</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">ssl_bump peek step1 all</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">ssl_bump splice step2 disable-ssl-bump</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">ssl_bump stare step2 all</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">ssl_bump splice step3 disable-ssl-bump</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">ssl_bump bump step3 all</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_port 3130</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">http_port 3128 intercept</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 8MB</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">sslcrtd_children 8 startup=1 idle=1</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">coredump_dir /var/spool/squid</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">refresh_pattern ^ftp: 1440 20% 10080</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">refresh_pattern ^gopher: 1440 0% 1440</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">refresh_pattern -i (/cgi-bin/|\?) 0 0% 0</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">refresh_pattern . 0 20% 4320</font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif"><br></font></div><div style="font-size:12.8000001907349px"><font face="georgia, serif">Any inputs to resolve this error will be much appreciated.</font></div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div dir="ltr"><div dir="ltr"><span><div dir="ltr"><div style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(34,34,34);background-color:rgb(255,255,255)"><font face="georgia, serif">Best,</font></div><div dir="ltr" style="font-family:arial,sans-serif;font-size:small;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;color:rgb(34,34,34);background-color:rgb(255,255,255)"><div><font face="georgia, serif">Prasad Desai<br></font></div><div><font face="georgia, serif">Systems Engineer<br></font></div><div style="font-family:arial,sans-serif"><br></div></div></div></span></div></div></div></div>
</div>