<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>Hi,</div>
<div> </div>
<div>I have an error when going to a site that is set to be ssl-bumped in squid.</div>
<div> </div>
<div>I have modified my squid config so that I have not specified any ciphers (I read in another forum post this would be the way to make it closest to the standard openssl).</div>
<div> </div>
<div>The error that I see in squid cache logs is: "<span style="white-space: pre-wrap;">Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message"</span></div>
<div> </div>
<div><span style="white-space: pre-wrap;">Comparing two packet captures, one when trying to bump the website and the other when not bumping the website, the difference in sequences is as follows:</span></div>
<div> </div>
<div><span style="white-space: pre-wrap;">In the working PCAP:</span></div>
<div><span style="white-space: pre-wrap;">1) Server Hello, Certificate</span></div>
<div><span style="white-space: pre-wrap;">2) Client ack</span></div>
<div><span style="white-space: pre-wrap;">3) Server key exchange, server hello done</span></div>
<div><span style="white-space: pre-wrap;">4) client ack</span></div>
<div><span style="white-space: pre-wrap;">5) Client key exchange, change cipher spec, encrypted handshake message (from client)</span></div>
<div><span style="white-space: pre-wrap;">6) Server change cipher spec</span></div>
<div><span style="white-space: pre-wrap;">7) Server encrypted handshake message</span></div>
<div><span style="white-space: pre-wrap;">8) client ack</span></div>
<div><span style="white-space: pre-wrap;">9) things working</span></div>
<div> </div>
<div><span style="white-space: pre-wrap;">In the non-working (ssl-bump) PCAP:</span></div>
<div>
<div><span style="white-space: pre-wrap;">1) Server Hello, Certificate</span></div>
<div><span style="white-space: pre-wrap;">2) Client ack</span></div>
<div><span style="white-space: pre-wrap;">3) Server key exchange, server hello done</span></div>
<div><span style="white-space: pre-wrap;">4) client ack</span></div>
<div><span style="white-space: pre-wrap;">5) Alert (Level: Fatal, Description: Unexpected Message) (from client)</span></div>
<div> </div>
<div>I can attach the PCAPs if that is more helpful; I just didn't want anyone to have to look through all of them in case this was enough to figure out what might be going wrong in the ssl-bumped case.</div>
<div> </div>
<div>Thank you very much for your help and time,</div>
<div> </div>
<div>John</div>
</div>
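<div>Added example, not part of the original post: Python code that labels the TLS records in each side's reassembled byte stream and reports the first message where the bumped flow departs from the working one. The names label_flow and first_divergence and the sample flows are constructed for illustration, and handshake messages are assumed not to span records.</div>
<pre>
```python
import struct
# TLS 1.2 names (RFC 5246); only the values this flow needs.
HANDSHAKE = {2: "ServerHello", 11: "Certificate", 12: "ServerKeyExchange",
             14: "ServerHelloDone", 16: "ClientKeyExchange"}
ALERT_LEVEL = {1: "Warning", 2: "Fatal"}
ALERT_DESC = {10: "Unexpected Message", 40: "Handshake Failure"}

def label_flow(segments):
    """segments: (sender, bytes) pairs in capture order; returns one label per TLS message."""
    labels, encrypted = [], set()
    for sender, data in segments:
        pos = 0
        while len(data) - pos >= 5:
            ctype, _version, length = struct.unpack_from("!BHH", data, pos)
            body = data[pos + 5:pos + 5 + length]
            pos += 5 + length
            if len(body) != length:
                labels.append(f"{sender}: truncated record")
            elif ctype == 20:
                encrypted.add(sender)  # later records from this sender are encrypted
                labels.append(f"{sender}: Change Cipher Spec")
            elif ctype == 21 and length == 2 and sender not in encrypted:
                level, desc = ALERT_LEVEL.get(body[0], body[0]), ALERT_DESC.get(body[1], body[1])
                labels.append(f"{sender}: Alert ({level}, {desc})")
            elif ctype == 22 and sender in encrypted:
                labels.append(f"{sender}: Encrypted Handshake Message")
            elif ctype == 22:  # assumption: messages are not fragmented across records
                off = 0
                while len(body) - off >= 4:
                    mlen = int.from_bytes(body[off + 1:off + 4], "big")
                    labels.append(f"{sender}: {HANDSHAKE.get(body[off], body[off])}")
                    off += 4 + mlen
            else:
                labels.append(f"{sender}: record type {ctype}")
    return labels

def first_divergence(good, bad):
    """Index and labels of the first message where the two flows differ."""
    for i, (g, b) in enumerate(zip(good, bad)):
        if g != b:
            return i, g, b
    return None

# Constructed sample flows (dummy payloads) mirroring the two sequences in the post.
def rec(ctype, body): return struct.pack("!BHH", ctype, 0x0303, len(body)) + body
def hs(mtype, n=4): return bytes([mtype]) + n.to_bytes(3, "big") + bytes(n)
SERVER_HELLO = [("server", rec(22, hs(2) + hs(11))), ("server", rec(22, hs(12) + hs(14)))]
WORKING = SERVER_HELLO + [("client", rec(22, hs(16)) + rec(20, b"\x01") + rec(22, bytes(40))),
                          ("server", rec(20, b"\x01") + rec(22, bytes(40)))]
BUMPED = SERVER_HELLO + [("client", rec(21, b"\x02\x0a"))]
```
</pre>
<div>On the constructed flows, first_divergence(label_flow(WORKING), label_flow(BUMPED)) points at the message after Server Hello Done, where the working client sends its key exchange and the bumped one sends the fatal alert.</div>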
<div> </div>
<div> </div></div></body></html>