[squid-users] Cant open some HTTPS with Squid 4.8
Alex Rousskov
rousskov at measurement-factory.com
Tue Sep 3 13:43:29 UTC 2019

On 9/3/19 7:47 AM, KOTOXJle6 wrote:
> I have these errors in /var/log/squid/cache.log
>
> /ERROR: negotiating TLS on FD 46: error:1425F175:SSL
> routines:ssl_choose_client_version:inappropriate fallback (1/-1/0)/

According to the discussion linked below, these errors may be "normal":
https://security.stackexchange.com/questions/160922/ssl-error-inappropriate-fallback-and-tls-fallback-scsv

To confirm that they are normal, you would need to isolate traffic from
the affected client and see whether its previous connection or tunneling
attempt has failed for some reason.

> /ERROR: negotiating TLS on FD 104: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure (1/-1/0)
> /
>
> /ERROR: negotiating TLS on FD 27: error:1423406E:SSL
> routines:tls_parse_stoc_sct:bad extension (1/-1/0)/

A similar problem was discussed at
http://lists.squid-cache.org/pipermail/squid-users/2019-April/020506.html

If your OpenSSL installation is reasonably fresh, then you will need to
isolate the failure to where you can collect TCP packet samples and/or
Squid debugging logs.

HTH,

Alex.
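
As an added triage example (not part of the reply above and not Squid code), the script below groups "negotiating TLS" errors from cache.log and decodes the OpenSSL error number to tell a TLS alert received from the peer apart from an error OpenSSL raised locally. It assumes the OpenSSL 1.1.x error packing (library in the top byte, reason in the low 12 bits) and one log entry per line; the sample lines, including their timestamps, are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of the cache.log errors quoted above.
SAMPLE_LOG = """\
2019/09/03 10:01:02 kid1| ERROR: negotiating TLS on FD 46: error:1425F175:SSL routines:ssl_choose_client_version:inappropriate fallback (1/-1/0)
2019/09/03 10:01:05 kid1| ERROR: negotiating TLS on FD 104: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (1/-1/0)
2019/09/03 10:01:09 kid1| ERROR: negotiating TLS on FD 27: error:1423406E:SSL routines:tls_parse_stoc_sct:bad extension (1/-1/0)
2019/09/03 10:01:11 kid1| ERROR: negotiating TLS on FD 31: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure (1/-1/0)
2019/09/03 10:01:12 kid1| Starting new helpers
"""

LINE_RE = re.compile(
    r"ERROR: negotiating TLS on FD (?P<fd>\d+): error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+?) \(")

ERR_LIB_SSL = 20      # OpenSSL library number for libssl
ALERT_OFFSET = 1000   # libssl reason codes >= 1000 mirror a received TLS alert
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version",
               86: "inappropriate_fallback"}


def parse_line(line):
    """Return a dict for a TLS negotiation error line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    code = int(m["code"], 16)
    # Assumption: OpenSSL 1.1.x packing, lib << 24 | func << 12 | reason.
    lib, reason = (code >> 24) & 0xFF, code & 0xFFF
    alert = reason - ALERT_OFFSET if lib == ERR_LIB_SSL and reason >= ALERT_OFFSET else None
    origin = (f"peer alert {alert} ({ALERT_NAMES.get(alert, 'unknown')})"
              if alert is not None else "raised locally by OpenSSL")
    return {"fd": int(m["fd"]), "func": m["func"], "reason": m["reason"],
            "reason_code": reason, "peer_alert": alert, "origin": origin}


def summarize(text):
    """Count errors per (function, reason, origin) so the dominant failure stands out."""
    events = filter(None, map(parse_line, text.splitlines()))
    return Counter((e["func"], e["reason"], e["origin"]) for e in events)


if __name__ == "__main__":
    for (func, reason, origin), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {reason}  [{func}]  {origin}")
```

Entries reported as a peer alert point at the remote end rejecting the handshake, so the packet capture mentioned above is the next step for those; locally raised errors are better chased through Squid debugging logs and the OpenSSL version in use.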