[squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Vieri
rentorbuy at yahoo.com
Thu Oct 6 06:10:59 UTC 2016
----- Original Message -----
> From: Marc <gaardiolor at gmail.com>
> Mimicing in openssl (well.. not perfect but it joes the job I guess):
> openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher
> RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-
> RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-
> DES-CBC-SHA
> < <(echo -e "GET / HTTP/1.1\nHost: https://www.google.com\n\n")
> SQUID_ERR_SSL_HANDSHAKE
Hi,
Here's what I get when I run the same commands as you did.
# openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA < <(echo -e "GET / HTTP/1.1\nHost: https://www.google.com\n\n")
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
verify return:1
HTTP/1.1 400 Bad Request
Content-Length: 54
Content-Type: text/html; charset=UTF-8
Date: Thu, 06 Oct 2016 06:04:47 GMT
Connection: close
<html><title>Error 400 (Bad Request)!!1</title></html>read:errno=0
# openssl s_client -connect www.google.com:443 -tls1 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA
[...]
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
[...]
As you can see I'm not getting the SSL handshake error.
Using openssl-1.0.2d.
Vieri
More information about the squid-users
mailing list