[squid-users] How to make sslbump'ing more robust? (option to continue?)

L A Walsh squid-user at tlinx.org
Thu May 11 05:15:04 UTC 2017


I tried accessing a site that had an expired certificate today
(https://www.tcl.tk/doc/scripting.html).

In going through squid, I got:

-----
The following error was encountered while trying to retrieve the URL: 
https://www.tcl.tk/doc/scripting.html

    *Failed to establish a secure connection to 38.88.76.19*

The system returned:

    (71) Protocol error (TLS code: X509_V_ERR_CERT_HAS_EXPIRED)

    SSL Certificate expired on: May 10 23:59:59 2017 GMT

This proxy and the remote host failed to negotiate a mutually acceptable 
security settings for handling your request. It is possible that the 
remote host does not support secure connections, or the proxy is not 
satisfied with the host security credentials.

----------------


But trying the same page through IE (not going through squid), I got:

-------

There is a problem with this website's security certificate.

The security certificate presented by this website has expired or is not 
yet valid.

Security certificate problems may indicate an attempt to fool you or 
intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this 
website.

Click here to close this webpage. <javascript:closePage()>

Continue to this website (not recommended).


------

Is there any way to put up some similar page to describe the problem,
and most importantly, allow the connection to continue at user
discretion?


Thanks!
-linda



More information about the squid-users mailing list