[squid-users] SSL errors with Squid 3.5.27
L.P.H. van Belle
belle at bazuin.nl
Wed Jun 13 08:19:41 UTC 2018
Hai,
I would say facebook protected there certificates with TSLA.
Then you cant use ssl bump if im correct.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: squid-users
> [mailto:squid-users-bounces at lists.squid-cache.org] Namens
> Julian Perconti
> Verzonden: dinsdag 12 juni 2018 21:55
> Aan: squid-users at lists.squid-cache.org
> Onderwerp: Re: [squid-users] SSL errors with Squid 3.5.27
>
> >Interesting.
> >
> >The main issue was that you configured only params for the
> Diffi-Helman (DH and DHE) ciphers - no >curve name. That
> meant your specified EEC* ciphers were disabled since they
> require a curve name as >well.
> >
> >Removing this option completely disables both DH and ECDH
> cipher types.
> >Leaving your proxy with only the RSA based ciphers.
> >
> >Amos
>
> kid1| Error negotiating SSL on FD 60: error:14007086:SSL
> routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
>
> Hi Amos,
>
> I still have no look to connect with WhatsApp from iOS.
>
> How do I can track this error?:
>
> kid1| Error negotiating SSL on FD 60: error:14007086:SSL
> routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0)
>
> I mean examine the FD, ...or.. what? How? Because from iOS i
> cant see any error, it just tries to connect indefinitely.
>
> Some whatsapp/Facebook server with the command:
>
> Openssl s_client -connect -showcerts x.x.x.x:443
>
> Does not shows any cert and establishes a connection with TLS 1.2...
>
> Any idea?
>
> Thank You
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list