[squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol
Amos Jeffries
squid3 at treenet.co.nz
Tue Jan 24 00:01:09 UTC 2017
On 24/01/2017 12:28 p.m., David Touzeau wrote:
> Same issue with https://www.digitalocean.com/
> is somebody did not encounter the issue using Squid in transparent mode with SSL ??
>
The TLS / HTTP Senvironment is in the process of stabilizing, but still
quite volatile.
Since the error message says "unknown protocol" I suspect it is
something like WebSockets, HTTP/2 or SPDY which you are actually
intercepting on port 443. Not HTTP/1 which Squid supports.
Or maybe it is some non-TLS traffic that OpenSSL does not support.
Mozilla do cert pinning, so teh bump/intercept should probably not work
anyway. I'm not sure about digitalocean.
Amos
More information about the squid-users
mailing list