[squid-users] can't access https://www.finanzamt.bayern.de/ with sslbump (other sites works well)

Dieter Bloms squid at bloms.de
Tue Jan 8 16:52:23 UTC 2019


Hello,

I've compiled squid 4.5 with openssl1.1 as shipped with debian9.
Sslbump works fine for all sides, but I can't access only one site
https://www.finanzamt.bayern.de/
and don't know the reason.
Ssllabs gives "A".
Here are the squid compile options:

--snip--
Squid Cache: Version 4.5
Service Name: squid

This binary uses OpenSSL 1.1.0j  20 Nov 2018. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--build=x86_64-linux-gnu' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--libexecdir=${prefix}/lib/dv-squid4' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--with-default-user=squid' '--with-filedescriptors=65536' '--disable-auto-locale' '--disable-auth-negotiate' '--disable-auth-ntlm' '--disable-eui' '--disable-carp' '--disable-htcp' '--disable-ident-lookups' '--disable-loadable-modules' '--disable-translation' '--disable-wccp' '--disable-wccpv2' '--enable-async-io=128' '--enable-auth' '--enable-auth-basic=LDAP NCSA' '--enable-auth-digest=LDAP file' '--enable-epoll' '--enable-log-daemon-helpers=file' '--enable-icap-client' '--enable-inline' '--enable-snmp' '--enable-disk-io=AIO,DiskThreads,IpcIo,Blocking' '--enable-storeio=ufs,aufs,rock' '--enable-referer-log' '--enable-useragent-log' '--enable-large-cache-files' '--enable-removal-policies=lru,heap' '--enable-follow-x-forwarded-for' '--enable-ssl-crtd' '--with-openssl' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/usr/src/packages/BUILD=. -fstack-protector-strong -Wformat -Werror=format-security' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/usr/src/packages/BUILD=. -fstack-protector-strong -Wformat -Werror=format-security' --enable-ltdl-convenience
--snip--

The access.log looks like:

--snip--
1546962078.461   4726 x.x.x.x NONE/200 0 CONNECT www.finanzamt.bayern.de:443 - HIER_DIRECT/193.34.207.31 -
1546962078.472      0 x.x.x.x NONE/500 8495 GET https://www.finanzamt.bayern.de/ - HIER_NONE/- text/html
--snip--

no entries in cache.log

Can anybody try this site to see whether it is my local installation, or the webserver.

Thank you very much.


-- 
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
From field.


More information about the squid-users mailing list