<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312">
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p
{mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.E-mailStijl19
{mso-style-type:personal;
font-family:Arial;
color:navy;}
@page Section1
{size:595.3pt 841.9pt;
margin:70.85pt 69.6pt 70.85pt 69.6pt;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:1569269280;
mso-list-template-ids:-1674783682;}
@list l0:level1
{mso-level-start-at:192;
mso-level-text:%1;
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level2
{mso-level-start-at:168;
mso-level-text:"%1\.%2";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level3
{mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level4
{mso-level-start-at:32;
mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level5
{mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level6
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level7
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level8
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
@list l0:level9
{mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:126.0pt;
mso-level-number-position:left;
margin-left:126.0pt;
text-indent:-126.0pt;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style>
</head>
<body lang=NL link=blue vlink=blue>
<div class=Section1>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Your firewall rules seem off. <br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>192.168.1.32 is your client, as I have seen in the log. <br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>But you're showing 10.3.141.0/24, so.. <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Try/look at this. Change interfaces where needed, of course. <br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'># nat table: REDIRECT in PREROUTING for traffic arriving from clients,
MASQUERADE in POSTROUTING for traffic leaving to the internet<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>iptables -t nat -A PREROUTING -p tcp \<o:p></o:p></span></font></p>
<p class=MsoPlainText style='text-indent:35.4pt'><font size=2 face="Courier New"><span
style='font-size:10.0pt'>--dport 80 -j REDIRECT --to-ports 3128 -m comment
--comment "Squid-Intercept 80->3128"<br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>iptables -t nat -A PREROUTING -p tcp \<o:p></o:p></span></font></p>
<p class=MsoPlainText style='text-indent:35.4pt'><font size=2 face="Courier New"><span
style='font-size:10.0pt'>--dport 443 -j REDIRECT --to-ports 3129 -m comment
--comment "Squid-Intercept 443->3129"<br>
<br>
<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>iptables -t nat -A POSTROUTING -o INTERNET_INTERFACE \<o:p></o:p></span></font></p>
<p class=MsoPlainText style='text-indent:35.4pt'><font size=2 face="Courier New"><span
style='font-size:10.0pt'>-j MASQUERADE -m comment --comment "IP-Masq allow
internet"<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><br>
Greetz, <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Louis<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
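<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Added example, not part of the original message and not code from the Squid or iptables projects: the mismatch pointed out above (rules written for 10.3.141.0/24 while the client is 192.168.1.32) can be checked by evaluating nat PREROUTING rules against a client address. The iptables-save lines are constructed samples and wlan0 is a hypothetical interface name; only source, destination-port and target matches are evaluated.<o:p></o:p></span></font></p>
<pre>
```python
import ipaddress
import shlex

# Constructed sample (iptables-save format): rules restricted to the subnet
# quoted in the message. wlan0 is a hypothetical interface name.
RULES_AS_SHOWN = """\
-A PREROUTING -s 10.3.141.0/24 -i wlan0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -s 10.3.141.0/24 -i wlan0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129
"""

# Constructed sample: the redirect rules without a source restriction.
RULES_SUGGESTED = """\
-A PREROUTING -p tcp -m tcp --dport 80 -m comment --comment "Squid-Intercept 80 to 3128" -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 443 -m comment --comment "Squid-Intercept 443 to 3129" -j REDIRECT --to-ports 3129
"""

ANY_SOURCE = ipaddress.ip_network("0.0.0.0/0")
NON_TERMINATING = {None, "LOG"}  # rules that let evaluation continue


def parse_prerouting(text):
    """Parse '-A PREROUTING ...' lines into dicts, preserving rule order.

    Only -s, --dport, -j and --to-ports are interpreted; negation ('!') is
    honoured for -s only. Interface and protocol matches are ignored.
    """
    rules = []
    for line in text.splitlines():
        tokens = shlex.split(line)  # keeps a quoted --comment as one token
        if tokens[:2] != ["-A", "PREROUTING"]:
            continue
        rule = {"source": ANY_SOURCE, "negated": False, "dport": None,
                "target": None, "to_port": None}
        negate_next = False
        it = iter(tokens[2:])
        for tok in it:
            if tok == "!":
                negate_next = True
                continue
            if tok in ("-s", "--source"):
                rule["source"] = ipaddress.ip_network(next(it), strict=False)
                rule["negated"] = negate_next
            elif tok == "--dport":
                low, _, high = next(it).partition(":")
                rule["dport"] = range(int(low), int(high or low) + 1)
            elif tok in ("-j", "--jump"):
                rule["target"] = next(it)
            elif tok in ("--to-ports", "--to-port"):
                rule["to_port"] = int(next(it))
            negate_next = False
        rules.append(rule)
    return rules


def intercept_port(rules, client_ip, dport):
    """Return the port the first matching terminating rule redirects to.

    None means the packet leaves PREROUTING without being redirected, so the
    proxy never sees it.
    """
    addr = ipaddress.ip_address(client_ip)
    for rule in rules:
        if (addr in rule["source"]) == rule["negated"]:
            continue  # source address does not match this rule
        if rule["dport"] is not None and dport not in rule["dport"]:
            continue  # destination port does not match this rule
        if rule["target"] in NON_TERMINATING:
            continue
        return rule["to_port"] if rule["target"] == "REDIRECT" else None
    return None


def coverage(rules_text, client_ip):
    """Map each intercepted port (80, 443) to the Squid port it reaches."""
    rules = parse_prerouting(rules_text)
    return {port: intercept_port(rules, client_ip, port) for port in (80, 443)}


if __name__ == "__main__":
    for label, text in (("as shown", RULES_AS_SHOWN), ("suggested", RULES_SUGGESTED)):
        print(label, coverage(text, "192.168.1.32"))
```
</pre>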
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>________________________________________<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>From: squid-users [mailto:squid-users-bounces@lists.squid-cache.org]
On Behalf Of jean francois hasson<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Sent: Sunday, 3 January 2021 19:15<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>To: squid-users@lists.squid-cache.org<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Subject: Re: [squid-users] Setting up a transparent http and https
proxy server using squid 4.6<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Hi,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>After reading more information on this kind of error I captured a few
transactions with Wireshark running on the raspberry pi hosting squid 4.6 and
openssl 1.1.1d. I captured some transactions when trying to access ebay.fr
which is currently not successful with the setup I have with the error of
inappropriate fallback mentioned below.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I am not familiar with TLS transactions so I will try to present a high
level view of the transactions between the raspberry pi and the ebay.fr server.
I hope you can guide me as to what I should focus on to understand, if
possible, the issue I have.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>A bird's eye view of the transactions from Wireshark over time is:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 23 0.175795327
192.168.1.32
192.168.1.1
DNS 71 Standard query
0x057e A www.ebay.fr<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 24 0.214678299
192.168.1.1
192.168.1.32
DNS 165 Standard query response
0x057e A www.ebay.fr CNAME slot11847.ebay.com.edgekey.net CNAME
e11847.g.akamaiedge.net A 23.57.6.166<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 25 0.301067317
192.168.1.32
23.57.6.166
TCP 74 53934 → 443
[SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=365186690 TSecr=0 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 26 0.302488046
192.168.1.32
23.57.6.166
TCP 74 53936 → 443
[SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=365186691 TSecr=0 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 27 0.328959454
23.57.6.166
192.168.1.32
TCP 74 443 → 53934
[SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3470404062
TSecr=365186690 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 28 0.329115340
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=365186718 TSecr=3470404062<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 29 0.329752684
192.168.1.32
23.57.6.166
TLSv1.2 583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 30 0.330530288
23.57.6.166
192.168.1.32
TCP 74 443 → 53936
[SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3470404064
TSecr=365186691 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 31 0.330644819
192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=365186719 TSecr=3470404064<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 32 0.331192579
192.168.1.32
23.57.6.166
TLSv1.2 583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 35 0.351054404
192.168.1.32
192.168.1.98
TCP 54 5900 → 49903
[ACK] Seq=14256 Ack=97 Win=501 Len=0<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 36 0.363323884
23.57.6.166
192.168.1.32
TCP 66 443 → 53934
[ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=3470404096 TSecr=365186719<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 37 0.364291801 23.57.6.166
192.168.1.32
TLSv1.2 1514 Server Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 38 0.364347270
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=518 Ack=1449 Win=64128 Len=0 TSval=365186753 TSecr=3470404096<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 39 0.365482999
23.57.6.166
192.168.1.32
TCP 1514 443 → 53934 [PSH, ACK]
Seq=1449 Ack=518 Win=64768 Len=1448 TSval=3470404096 TSecr=365186719 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 40 0.365535030
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=518 Ack=2897 Win=64128 Len=0 TSval=365186754 TSecr=3470404096<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 41 0.366217999
23.57.6.166
192.168.1.32
TCP 1266 443 → 53934 [PSH, ACK]
Seq=2897 Ack=518 Win=64768 Len=1200 TSval=3470404096 TSecr=365186719 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 42 0.366279041
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=518 Ack=4097 Win=64128 Len=0 TSval=365186755 TSecr=3470404096<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 43 0.366321697 23.57.6.166
192.168.1.32
TCP 74 [TCP
Retransmission] 443 → 53936 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0
MSS=1460 SACK_PERM=1 TSval=3470404096 TSecr=365186691 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 44 0.366410135
192.168.1.32
23.57.6.166 TCP
66 [TCP Dup ACK 31#1] 53936 → 443 [ACK] Seq=518
Ack=1 Win=64256 Len=0 TSval=365186755 TSecr=3470404064<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 45 0.366709770
23.57.6.166
192.168.1.32
TLSv1.2 991 Certificate, Certificate Status, Server Key
Exchange, Server Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 46 0.366754978
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186756 TSecr=3470404097<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 47 0.369138676
23.57.6.166
192.168.1.32
TCP 66 443 → 53936
[ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=3470404102 TSecr=365186720<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 48 0.370432739
23.57.6.166
192.168.1.32
TLSv1.2 1514 Server Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 49 0.370506906
192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=518 Ack=1449 Win=64128 Len=0 TSval=365186759 TSecr=3470404102<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 50 0.371401125
23.57.6.166
192.168.1.32
TCP 1514 443 → 53936 [PSH, ACK]
Seq=1449 Ack=518 Win=64768 Len=1448 TSval=3470404102 TSecr=365186720 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 51 0.371449250
192.168.1.32 23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=518 Ack=2897 Win=64128 Len=0 TSval=365186760 TSecr=3470404102<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 52 0.372385968
23.57.6.166
192.168.1.32
TCP 1266 443 → 53936 [PSH, ACK]
Seq=2897 Ack=518 Win=64768 Len=1200 TSval=3470404102 TSecr=365186720 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 53 0.372438156
192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=518 Ack=4097 Win=64128 Len=0 TSval=365186761 TSecr=3470404102<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 54 0.372859562
23.57.6.166
192.168.1.32
TLSv1.2 991 Certificate, Certificate Status, Server Key
Exchange, Server Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 55 0.372905395
192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186762 TSecr=3470404103<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 56 0.374064614
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[FIN, ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186763 TSecr=3470404097<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 57 0.382856646 192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[FIN, ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186772 TSecr=3470404103<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 58 0.387044251
192.168.1.32
23.57.6.166
TCP 74 53938 → 443
[SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=365186776 TSecr=0 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 59 0.401877325
192.168.1.32
23.57.6.166
TCP 74 53940 → 443
[SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=365186791 TSecr=0 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 60 0.402472117
23.57.6.166
192.168.1.32
TCP 66 443 → 53934
[FIN, ACK] Seq=5022 Ack=519 Win=64768 Len=0 TSval=3470404136 TSecr=365186763<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 61 0.402574981
192.168.1.32
23.57.6.166
TCP 66 53934 → 443
[ACK] Seq=519 Ack=5023 Win=64128 Len=0 TSval=365186791 TSecr=3470404136<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 62 0.410122326
23.57.6.166
192.168.1.32
TCP 66 443 → 53936
[FIN, ACK] Seq=5022 Ack=519 Win=64768 Len=0 TSval=3470404143 TSecr=365186772<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 63 0.410185971 192.168.1.32
23.57.6.166
TCP 66 53936 → 443
[ACK] Seq=519 Ack=5023 Win=64128 Len=0 TSval=365186799 TSecr=3470404143<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 64 0.415533941
23.57.6.166
192.168.1.32
TCP 74 443 → 53938
[SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3470404148
TSecr=365186776 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 65 0.415615607
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=365186804 TSecr=3470404148<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 66 0.416199514
192.168.1.32
23.57.6.166
TLSv1.2 583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 67 0.429629098
23.57.6.166
192.168.1.32
TCP 74 443 → 53940
[SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=3470404163
TSecr=365186791 WS=128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 68 0.429722796
192.168.1.32
23.57.6.166
TCP 66 53940 → 443
[ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=365186819 TSecr=3470404163<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 69 0.430195036
192.168.1.32
23.57.6.166 TLSv1.2
583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 70 0.449937225
23.57.6.166
192.168.1.32
TCP 66 443 → 53938
[ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=3470404182 TSecr=365186805<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 71 0.451000037
23.57.6.166
192.168.1.32
TLSv1.2 1514 Server Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 72 0.451064100
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[ACK] Seq=518 Ack=1449 Win=64128 Len=0 TSval=365186840 TSecr=3470404183<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 73 0.451980194
23.57.6.166
192.168.1.32
TCP 1514 443 → 53938 [PSH, ACK]
Seq=1449 Ack=518 Win=64768 Len=1448 TSval=3470404183 TSecr=365186805 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 74 0.452031756
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[ACK] Seq=518 Ack=2897 Win=64128 Len=0 TSval=365186841 TSecr=3470404183<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 75 0.452935767
23.57.6.166
192.168.1.32
TCP 1266 443 → 53938 [PSH, ACK]
Seq=2897 Ack=518 Win=64768 Len=1200 TSval=3470404183 TSecr=365186805 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 76 0.452991027
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[ACK] Seq=518 Ack=4097 Win=64128 Len=0 TSval=365186842 TSecr=3470404183<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 77 0.453443475
23.57.6.166
192.168.1.32 TLSv1.2
991 Certificate, Certificate Status, Server Key Exchange,
Server Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 78 0.453498215
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186842 TSecr=3470404184<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 79 0.461625715
192.168.1.32
23.57.6.166
TCP 66 53938 → 443
[FIN, ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186850 TSecr=3470404184<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 80 0.463463320
23.57.6.166
192.168.1.32
TCP 66 443 → 53940
[ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=3470404196 TSecr=365186819<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 81 0.464344413
23.57.6.166
192.168.1.32
TLSv1.2 1514 Server Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 82 0.464433476
192.168.1.32
23.57.6.166
TCP 66 53940 → 443
[ACK] Seq=518 Ack=1449 Win=64128 Len=0 TSval=365186853 TSecr=3470404197<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 83 0.465538632
23.57.6.166
192.168.1.32
TCP 1514 443 → 53940 [PSH, ACK]
Seq=1449 Ack=518 Win=64768 Len=1448 TSval=3470404197 TSecr=365186819 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 84 0.465628789
192.168.1.32
23.57.6.166
TCP 66 53940 → 443
[ACK] Seq=518 Ack=2897 Win=64128 Len=0 TSval=365186854 TSecr=3470404197<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 85 0.466298945
23.57.6.166 192.168.1.32
TCP 1266 443 → 53940 [PSH, ACK]
Seq=2897 Ack=518 Win=64768 Len=1200 TSval=3470404197 TSecr=365186819 [TCP
segment of a reassembled PDU]<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 86 0.466437851
192.168.1.32
23.57.6.166
TCP 66 53940 → 443
[ACK] Seq=518 Ack=4097 Win=64128 Len=0 TSval=365186855 TSecr=3470404197<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 87 0.467042591
23.57.6.166
192.168.1.32
TLSv1.2 991 Certificate, Certificate Status, Server Key
Exchange, Server Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 88 0.467190976 192.168.1.32
23.57.6.166
TCP 66 53940 → 443
[ACK] Seq=518 Ack=5022 Win=64128 Len=0 TSval=365186856 TSecr=3470404197<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I start my description with a Client Hello step from the raspberry pi
to the ebay.fr server:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>No.
Time Source
Destination
Protocol Length Info<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 29 0.329752684
192.168.1.32
23.57.6.166
TLSv1.2 583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Transport Layer Security<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol: Client
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.0 (0x0301)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 512<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol: Client
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Client Hello (1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 508<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Then, there is another Client Hello step which seems quite similar to
the previous one:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>No.
Time
Source
Destination
Protocol Length Info<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 32 0.331192579
192.168.1.32
23.57.6.166
TLSv1.2 583 Client Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Transport Layer Security<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol: Client
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.0 (0x0301)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 512<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol: Client
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Client Hello (1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 508<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Then a Server Hello:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>No.
Time
Source
Destination
Protocol Length Info<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 37 0.364291801
23.57.6.166
192.168.1.32
TLSv1.2 1514 Server Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Transport Layer Security<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol: Server
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 78<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol: Server
Hello<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Server Hello (2)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 74<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Random: 08f25b54bfe62d98736a4e5e8cc5a3f4ab97c040c1a892a26110e4d704b2fd9e<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
GMT Unix Time: Oct 4, 1974 08:40:20.000000000 Paris, Madrid (heure
d’été)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Random Bytes: bfe62d98736a4e5e8cc5a3f4ab97c040c1a892a26110e4d704b2fd9e<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Session ID Length: 0<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>So it seems the server found a common cipher with the client. I am not
sure then what to look for. Frames 43 and 44 are detected by Wireshark as
retransmissions but I am not sure it is a problem.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I noticed frame 45 which is about the Certificate, Certificate Status,
Server Key Exchange and Server Hello Done <o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>No.
Time
Source
Destination
Protocol Length Info<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> 45 0.366709770
23.57.6.166
192.168.1.32
TLSv1.2 991 Certificate, Certificate Status, Server Key
Exchange, Server Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Transport Layer Security<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol:
Certificate<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 4102<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol:
Certificate<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Certificate (11)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> ...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Transport Layer Security<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol:
Certificate Status<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 479<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol:
Certificate Status<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Certificate Status (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 475<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Certificate Status Type: OCSP (1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> OCSP
Response Length: 471<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> OCSP
Response<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol: Server Key
Exchange<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 333<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol: Server
Key Exchange<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Server Key Exchange (12)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 329<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> EC
Diffie-Hellman Server Params<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> TLSv1.2 Record Layer: Handshake Protocol: Server
Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Content Type: Handshake (22)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Version: TLS 1.2 (0x0303)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Length: 4<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'> Handshake Protocol: Server
Hello Done<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Handshake Type: Server Hello Done (14)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>
Length: 0<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I noticed there is a mention of Diffie-Hellman which may require some
attention but I am not sure.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I am sorry for all this information but I really look forward to
knowing more and managing to sort this issue out. Is there anything in this
information that is relevant to understanding the issue I have? Where should I
focus?<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Best regards,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>JF<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>On 02/01/2021 at 11:26, jean francois hasson wrote:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Hi,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Thank you Amos Jeffries and Antony Stone. It seems the configuration I
have provides the functionality of filtering I am looking for.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>There is a strange behavior I can see when accessing some legitimate
sites which I see traces of in cache.log:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:55:48 kid1| helperOpenServers: Starting 1/20 'squidGuard'
processes<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:31 kid1| ERROR: negotiating TLS on FD 39:
error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate
fallback (1/-1/0)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:31 kid1| Error negotiating SSL connection on FD 38:
error:00000001:lib(0):func(0):reason(1) (1/-1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:32 kid1| ERROR: negotiating TLS on FD 38:
error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate
fallback (1/-1/0)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:32 kid1| Error negotiating SSL connection on FD 35:
error:00000001:lib(0):func(0):reason(1) (1/-1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:40 kid1| Starting new redirector helpers...<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:57:40 kid1| helperOpenServers: Starting 1/20 'squidGuard'
processes<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:58:09 kid1| ERROR: negotiating TLS on FD 51:
error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate
fallback (1/-1/0)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:58:09 kid1| Error negotiating SSL connection on FD 40:
error:00000001:lib(0):func(0):reason(1) (1/-1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:58:10 kid1| ERROR: negotiating TLS on FD 51:
error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate
fallback (1/-1/0)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>2021/01/02 10:58:10 kid1| Error negotiating SSL connection on FD 40:
error:00000001:lib(0):func(0):reason(1) (1/-1)<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>I noticed other users of squid encountered similar issues but I did not
find a clear answer to the issue. Is there a problem with my setup? I am not
sure I will be able to solve it on my own! Any help would be appreciated.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Best regards,<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>JF Hasson<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>On 31/12/2020 at 10:14, Antony Stone wrote:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>On Thursday 31 December 2020 at 10:10:11, jean francois hasson wrote:<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>If I set up on a device connected to the access point a proxy manually<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>ie 10.3.141.1 on port 8080, I can access the internet. If I put the<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>following rules for iptables to use in files rules.v4 :<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>*nat<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.3.141.1:3128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.3.141.1:3129<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3129<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>-A POSTROUTING -s 10.3.141.0/24 -o eth0 -j MASQUERADE<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Try removing the DNAT rules above. You should be using REDIRECT for
intercept mode to work correctly.<o:p></o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'><o:p> </o:p></span></font></p>
<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Antony.<o:p></o:p></span></font></p>
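<p class=MsoPlainText><font size=2 face="Courier New"><span style='font-size:
10.0pt'>Added example (not part of the original messages and not Squid's own code): the cache.log errors quoted in the thread carry a packed OpenSSL error code, and this Python example decodes 1407743E into its library, function and reason fields, then maps the reason to the TLS alert number (86, inappropriate_fallback, the alert RFC 7507 defines for TLS_FALLBACK_SCSV). It assumes the pre-3.0 OpenSSL error-code layout and libssl's "1000 + alert number" reason convention; the function names and the partial alert table are illustrative.<o:p></o:p></span></font></p>

```python
import re
from collections import Counter

# Lines copied from the cache.log excerpt quoted in the thread.
SAMPLE_LOG = """\
2021/01/02 10:57:31 kid1| ERROR: negotiating TLS on FD 39: error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate fallback (1/-1/0)
2021/01/02 10:57:31 kid1| Error negotiating SSL connection on FD 38: error:00000001:lib(0):func(0):reason(1) (1/-1)
2021/01/02 10:57:32 kid1| ERROR: negotiating TLS on FD 38: error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert inappropriate fallback (1/-1/0)
2021/01/02 10:57:40 kid1| Starting new redirector helpers...
"""

# TLS alert descriptions (RFC 5246, RFC 6066, RFC 7507); partial table for illustration.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 80: "internal_error",
              86: "inappropriate_fallback", 112: "unrecognized_name"}

ERR_LIB_SSL = 20             # library number OpenSSL assigns to libssl
SSL_AD_REASON_OFFSET = 1000  # libssl reason = 1000 + alert number for received alerts

ERROR_RE = re.compile(r"on FD (\d+): error:([0-9A-Fa-f]{8}):")


def decode_openssl_error(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def alert_name(code_hex):
    """Return the TLS alert name encoded in the error code, or None."""
    lib, _func, reason = decode_openssl_error(code_hex)
    number = reason - SSL_AD_REASON_OFFSET
    if lib != ERR_LIB_SSL or number not in range(256):
        return None
    return TLS_ALERTS.get(number, "alert_%d" % number)


def summarize(log_text):
    """Count TLS alerts in cache.log text; other errors are counted as 'no_alert'."""
    counts = Counter()
    for line in log_text.splitlines():
        match = ERROR_RE.search(line)
        if match:
            counts[alert_name(match.group(2)) or "no_alert"] += 1
    return counts


if __name__ == "__main__":
    print(decode_openssl_error("1407743E"))
    print(summarize(SAMPLE_LOG))
```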
</div>
</body>
</html>