[squid-users] A bunch of SSL errors I am not sure why

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 14 04:50:43 UTC 2017


On 14/01/2017 4:27 a.m., Sameh Onaissi wrote:
> Hello Eliezer, all,
> 
> 
> I removed the cipher and the problem is still there:
> 
> 
> 2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)

The CA used to sign the remote endpoint's certificate is not trusted. Or
an intermediary certificate is missing.

* Check that the set of "global trusted CA" installed on your Squid
machine is up to date.

* Try the latest Squid-4, which can auto-download intermediate certificates.


> 2017/01/13 10:21:05 kid1| Error negotiating SSL connection on FD 191: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:21:17 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:21:17 kid1| Error negotiating SSL connection on FD 198: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:21:18 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:21:18 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:21:19 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)

The obsolete SSL protocol is being used.


> 2017/01/13 10:21:24 kid1| Error negotiating SSL connection on FD 163: Closed by client

The client disconnected. You can do nothing about that.

> 2017/01/13 10:21:39 kid1| Error negotiating SSL connection on FD 250: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
> 2017/01/13 10:21:42 kid1| Error negotiating SSL on FD 298: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)

"certificate verify failed" says what it means.

> 2017-01-13 10:21:53 [29866] Request(everyone/deny/-) https://accounts.youtube.com/accounts/CheckConnection?pmpo=https://accounts.google.com&v=-1574475776&timestamp=1484320896449 10.0.0.127/10.0.0.127 - GET REDIRECT
> 2017/01/13 10:21:56 kid1| Error negotiating SSL connection on FD 109: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
> 2017/01/13 10:21:56 kid1| Error negotiating SSL connection on FD 309: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
> 2017/01/13 10:22:25 kid1| Error negotiating SSL connection on FD 155: Closed by client
> 

Amos
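
An added example, not part of the original message and not Squid code: a small Python triage script that decodes the packed OpenSSL error code in cache.log lines like those quoted above and separates alerts received from the peer from errors raised by the local OpenSSL. The sample log is constructed from the quoted format; the function names and output labels are illustrative.

```python
import re
from collections import Counter

# Constructed sample in the cache.log format quoted in the post.
SAMPLE_LOG = """\
2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:05 kid1| Error negotiating SSL connection on FD 191: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:24 kid1| Error negotiating SSL connection on FD 163: Closed by client
2017/01/13 10:21:42 kid1| Error negotiating SSL on FD 298: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
"""

LINE_RE = re.compile(
    r"Error negotiating SSL (?:connection )?on FD (?P<fd>\d+): "
    r"(?:error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>.*?) \(|(?P<other>.+))"
)
ALERT_OFFSET = 1000  # OpenSSL SSL_AD_REASON_OFFSET: reason = 1000 + TLS alert number
ALERT_NAMES = {46: "certificate_unknown", 48: "unknown_ca"}  # RFC 5246 numbers


def decode(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    v = int(code_hex, 16)
    return (v >> 24) & 0xFF, (v >> 12) & 0xFFF, v & 0xFFF


def classify(line):
    """Return a dict describing one 'Error negotiating SSL' line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    if m["other"] is not None:
        return {"fd": int(m["fd"]), "kind": "other", "detail": m["other"].strip()}
    _lib, _func, reason = decode(m["code"])
    if reason >= ALERT_OFFSET:
        # The peer sent this alert; the local side only reports receiving it.
        alert = reason - ALERT_OFFSET
        name = ALERT_NAMES.get(alert, f"alert_{alert}")
        return {"fd": int(m["fd"]), "kind": "peer_alert", "detail": name}
    # Otherwise the local OpenSSL raised the error itself.
    return {"fd": int(m["fd"]), "kind": "local_error", "detail": m["reason"]}


def summarize(log_text):
    """Count log lines per (kind, detail) so the dominant failure stands out."""
    hits = filter(None, map(classify, log_text.splitlines()))
    return Counter((h["kind"], h["detail"]) for h in hits)


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

The bit layout in `decode` is the one used by OpenSSL releases that print a function name in the error string, as in the quoted log; OpenSSL 3.x packs the code differently.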