[squid-users] Problem with ssl_choose_client_version:inappropriate fallback on some sites when using TLS1.2
John
eype69 at gmail.com
Wed Sep 18 19:55:40 UTC 2019
Hi Amos
Thank you for your help.
On Tue, 17 Sep 2019 at 07:26, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> ...
> > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
>
> I suspect it might have something to do with these ECDSA keys.
>
> You do not have Elliptic-Curves enabled on the https_port client-facing
> connection. So the TLS extensions associated are likely not to be
> compatible between the client and the server connections Squid is
> attempting to bridge between.
>
I generated a dhparams file using the command:
openssl dhparam -out dhparams.pem 2048
and then I configured the port with the following options:
https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
tls-dh=prime256v1:/etc/squid/dhparams.pem
options=SINGLE_ECDH_USE,SINGLE_DH_USE
But this still gives this in the log when I connect:
2019/09/18 08:19:44 kid1| ERROR: negotiating TLS on FD 17:
error:1425F175:SSL routines:ssl_choose_client_version:inappropriate
fallback (1/-1/0)
I have also tried restricting the cipher to the same cipher that works
for the ubuntu connection and I get the same error:
openssl s_client -tls1_2 -CAfile squid.crt -cipher
ECDHE-RSA-AES128-GCM-SHA256 -connect www.google.com:443
With this restriction, the client hello to squid is:
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 156
Version: TLS 1.2 (0x0303)
Random: e52eb8a54705dc32774c5832694dd4567cd9b0f34556ebf3…
Session ID Length: 0
Cipher Suites Length: 4
Cipher Suites (2 suites)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Extensions Length: 111
Extension: server_name (len=19)
Extension: ec_point_formats (len=4)
Extension: supported_groups (len=12)
Extension: session_ticket (len=0)
Extension: encrypt_then_mac (len=0)
Extension: extended_master_secret (len=0)
Extension: signature_algorithms (len=48)
The proxied hello to google is identical to the above.
The server hello from google is:
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 63
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 59
Version: TLS 1.2 (0x0303)
Random: 5d81da909e779d7e67f2663d6563236721b0906d09dacf02…
Session ID Length: 0
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Compression Method: null (0)
Extensions Length: 19
Extension: extended_master_secret (len=0)
Extension: renegotiation_info (len=1)
Extension: ec_point_formats (len=2)
Extension: session_ticket (len=0)
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 2537
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 2533
Certificates Length: 2530
Certificates (2530 bytes)
Certificate Length: 1422
Certificate:
3082058a30820472a0030201020210556630a312faeab908…
(id-at-commonName=www.google.com,id-at-organizationName=Google
LLC,id-at-localityName=Mountain
View,id-at-stateOrProvinceName=California,id-at-countryName=US)
Certificate Length: 1102
Certificate:
3082044a30820332a003020102020d01e3b49aa18d8aa981…
(id-at-commonName=GTS CA 1O1,id-at-organizationName=Google Trust
Services,id-at-countryName=US)
TLSv1.2 Record Layer: Handshake Protocol: Server Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 300
Handshake Protocol: Server Key Exchange
Handshake Type: Server Key Exchange (12)
Length: 296
EC Diffie-Hellman Server Params
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
If you have any further suggestions as to how/where I should debug I
would be extremely grateful.
John
On Tue, 17 Sep 2019 at 07:26, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
>
> On 15/09/19 10:41 pm, John Sweet-Escott wrote:
> > Hi All
> >
> > We are trying to run Squid 4.8, compiled with OpenSSL 1.1.1 (see [1]) on
> > Ubuntu 18.04 as a transparent proxy for the purpose of egress filtering
> > of HTTPS traffic using SNI (see config in [2]). It it works correctly
> > when contacting some addresses (e.g. https://www.ubuntu.com) but not
> > others (e.g. https://www.google.com). When we contact
> > https://www.google.com using TLS1.2 we get the error in the logs:
> > 2019/09/15 10:33:09 kid1| ERROR: negotiating TLS on FD 19:
> > error:1425F175:SSL routines:ssl_choose_client_version:inappropriate
> > fallback (1/-1/0)
> ...
> > Cipher Suite: TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
>
> I suspect it might have something to do with these ECDSA keys.
>
> You do not have Elliptic-Curves enabled on the https_port client-facing
> connection. So the TLS extensions associated are likely not to be
> compatible between the client and the server connections Squid is
> attempting to bridge between.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list