[squid-users] How to make sslbump'ing more robust? (option to continue?)
L A Walsh
squid-user at tlinx.org
Thu May 11 05:15:04 UTC 2017
I tried accessing a site that had an expired certificate today
(https://www.tcl.tk/doc/scripting.html).
In going through squid, I got:
-----
The following error was encountered while trying to retrieve the URL:
https://www.tcl.tk/doc/scripting.html
*Failed to establish a secure connection to 38.88.76.19*
The system returned:
(71) Protocol error (TLS code: X509_V_ERR_CERT_HAS_EXPIRED)
SSL Certificate expired on: May 10 23:59:59 2017 GMT
This proxy and the remote host failed to negotiate a mutually acceptable
security settings for handling your request. It is possible that the
remote host does not support secure connections, or the proxy is not
satisfied with the host security credentials.
----------------
But trying the same page through IE (not going through squid), I got:
-------
There is a problem with this website's security certificate.
The security certificate presented by this website has expired or is not
yet valid.
Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this
website.
Click here to close this webpage. <javascript:closePage()>
Continue to this website (not recommended).
------
Is there any way to put up some similar page to describe the problem,
and most importantly, allow the connection to continue at user
discretion?
Thanks!
-linda
More information about the squid-users
mailing list