[squid-users] Squid 4.1 Error negotiating SSL connection
Julian Perconti
vh1988 at yahoo.com.ar
Wed Jul 4 00:06:42 UTC 2018
Hi all,
I have installed Squid 4.1 on Debian 9 with OpenSSL 1.1.0f in transparent
mode.
I need to know how to track this error (debugging options are almost
impossible; I mean examining the FD, etc.):
kid1| Error negotiating SSL connection on FD 19: error:00000001:lib(0):func(0):reason(1) (1/-1)
There are a lot of them in cache.log when mobile devices use (unsuccessfully)
apps like Instagram/Pinterest/Facebook/Twitter, etc.
Nor is it a "cipher-out" problem, because I just tried: tls_outgoing_options
cipher=ALL (only for testing).
From any PC those sites work well. So there is no missing-certificate
problem.
Here is a copy of the most relevant config:
=================CFG==================
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump \
cert=/etc/squid/ssl_cert/squid4ssl.pem \
key=/etc/squid/ssl_cert/squid4ssl.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
tls_outgoing_options cafile=/etc/ssl/certs/ca-certificates.crt
tls_outgoing_options cafile=/etc/squid/ssl_cert/cabundle.pem
tls_outgoing_options options=NO_SSLv3
tls_outgoing_options cipher=ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl noBumpSites ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump peek step1 all
ssl_bump peek step2 noBumpSites
ssl_bump splice step3 noBumpSites
ssl_bump stare step2
ssl_bump bump step3
# cache ram
cache_mem 1024 MB
=================CFG==================
And so on..
Any suggestions on the config above? Or a workaround for the problem mentioned?
Thank you all!
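
Added example (not part of the original post, and not Squid project code): a small Python parser for cache.log entries of the form quoted above. It tallies them by OpenSSL error code and unpacks each code into lib/func/reason using the OpenSSL 1.1.x ERR_GET_LIB/FUNC/REASON bit layout. The timestamp prefix and all sample lines are constructed, and the trailing "(1/-1)" pair is kept as printed without interpretation.

```python
import re
from collections import Counter

# Constructed sample lines shaped like the cache.log entry quoted in the post.
# Timestamps, FD numbers and the 14094416 code are made up for illustration.
SAMPLE_LOG = """\
2018/07/03 21:01:10 kid1| Error negotiating SSL connection on FD 19: error:00000001:lib(0):func(0):reason(1) (1/-1)
2018/07/03 21:01:11 kid1| Error negotiating SSL connection on FD 23: error:00000001:lib(0):func(0):reason(1) (1/-1)
2018/07/03 21:01:12 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:3130
2018/07/03 21:01:15 kid1| Error negotiating SSL connection on FD 31: error:14094416:lib(20):func(148):reason(1046) (1/-1)
"""

# Timestamp is optional so the bare line from the post also matches.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)?\s*(?P<kid>kid\d+)\|\s+"
    r"Error negotiating SSL connection on FD (?P<fd>\d+):\s+"
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<text>.*?)\s+"
    r"\((?P<pair>-?\d+/-?\d+)\)\s*$"
)


def unpack_openssl_error(code_hex):
    """Split a packed OpenSSL 1.1.x error code: 8-bit lib, 12-bit func, 12-bit reason."""
    e = int(code_hex, 16)
    return {"lib": (e >> 24) & 0xFF, "func": (e >> 12) & 0xFFF, "reason": e & 0xFFF}


def parse_line(line):
    """Return a dict for a negotiation-error line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["fd"] = int(rec["fd"])
    rec.update(unpack_openssl_error(rec["code"]))
    return rec


def summarize(log_text):
    """Count negotiation errors per (error code, trailing pair)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            counts[(rec["code"].upper(), rec["pair"])] += 1
    return counts


if __name__ == "__main__":
    for (code, pair), n in summarize(SAMPLE_LOG).most_common():
        print(n, code, unpack_openssl_error(code), pair)
```
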