<div dir="ltr"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><p style="margin-top:0px;margin-bottom:0px;color:rgb(0,0,0);font-family:calibri,arial,helvetica,sans-serif;font-size:16px"><font color="#000099" style="font-size:15px">Best Regards,</font><span style="color:rgb(33,33,33);font-size:15px"></span></p><div style="font-family:calibri,arial,helvetica,sans-serif;color:rgb(33,33,33);font-size:15px"><span style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Hi, can you please explain me, does squid support ssl bumping with site signed with GOST certificate?</span><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">I have OpenSSL 1.0.2d 9 Jul 2015</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div>openssl engine</div><div>(dynamic) Dynamic engine loading support</div><div><b>(gost) Reference implementation of GOST engine</b></div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><b><br></b></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><b>openssl ciphers | grep GOST<br></b></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><b>GOST2001-GOST89-GOST89:GOST94-<wbr>GOST89-GOST89<br></b></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><b><br></b></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">/opt/squid/sbin/squid -v<br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><div>Squid Cache: Version 3.5.19</div><div>Service Name: squid</div><div>configure options:  'CFLAGS=-march=i686 -g -O2' 'CXXFLAGS=-march=i686 -g -O2' '--prefix=/opt/squid-3.5.19-4' '--enable-async-io=32' '--enable-storeio=ufs,aufs,<wbr>rock,diskd' '--enable-disk-io' '--enable-removal-policies=<wbr>heap,lru' '--enable-useragent-log' '--enable-referer-log' '--enable-arp-acl' '--with-openssl' '--enable-forw-via-db' '--enable-cache-digests' '--enable-linux-netfilter' '--enable-basic-auth=all' '--enable-ntlm-auth=all' '--enable-ntlm-fail-open' '--enable-negotiate-auth=all' '--enable-external-acl-<wbr>helpers' '--with-filedescriptors=32768' '--with-large-files' '--enable-delay-pools' '--enable-ssl-crtd' '--disable-static' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/<wbr>squid.pid' '--with-swapdir=/var/data/<wbr>squid/cache' '--disable-arch-native' </div></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">SSL bumping with dynamic certificates working well but when I try to go to site with GOST certificate,</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">I see error -</div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><br></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px"><p>The system returned:</p><blockquote><pre style="white-space:pre-wrap">(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)</pre><p>Handshake with SSL server failed: error:0609E09C:digital envelope routines:PKEY_SET_TYPE:<wbr>unsupported algorithm</p><p><br></p></blockquote></div><div style="color:rgb(34,34,34);font-family:arial,sans-serif;font-size:12.8px">Please explain me this Error please</div></div></div></div></div>
</div>