[squid-users] SSL3_READ_BYTES:sslv3 alert certificate unknown

Amos Jeffries squid3 at treenet.co.nz
Wed Oct 28 10:47:50 UTC 2015


On 28/10/2015 11:35 p.m., Yuri Voinov wrote:
> Hi gents.
> 
> I think, all of you who use Bump, seen much this messages in your
> cache.log.
> 
> SSL3_READ_BYTES:sslv3 alert certificate unknown
> 
> AFAIK, no way to identify which CA is absent in your setup.
> 
> I propose to consider the following questions: how do properly support
> SSL proxy, if you can not identify the problem certificates? Telepaths
> sunbathing in Bali. The procedure, which currently can not quickly and
> in any way to effectively determine such a certificate.
> 
> At the moment, the situation is as follows. SSL library - a thing in
> itself, it runs by itself and does not write any logs. Squid - itself
> and any useful information on the library does not receive but obscure
> diagnostic messages. The possibility in any way specify the SSL library
> diagnostic messages we have, and, as I understand it, will not.
> 
> So, any ideas?

Make sure Squid is sending the whole CA chain to the remote end?

Amos



More information about the squid-users mailing list