[squid-users] Error negotiating SSL connection on FD 16

saiyan_gc gengchao62 at gmail.com
Thu Apr 2 04:42:31 UTC 2020


Hi, thank you for reply me. Really appreciated!

I modified the squid conf file to:

http_port 2128 ssl-bump cert=/etc/squid/ssl_cert/example.com.cert \
    key=/etc/squid/ssl_cert/example.com.private \
    generate-host-certificates=on \
    dynamic_cert_mem_cache_size=4MB
https_port 3130 cert=/etc/squid/ssl_cert/example.com.cert \
    key=/etc/squid/ssl_cert/example.com.private  
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
auth_param basic children 5 startup=0 idle=1
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
http_access deny !ncsa_users
http_access allow ncsa_users

And it's working for http_port. I put the cert into
/etc/pki/trust-ca/source/anchor, and run a update-ca-trust command. And both
aws cli and curl command work now. I am still not sure why https_port desn't
work.

The previous setting work with curl but not aws cli, not sure why it failure
during tls handshake.

Thank you





--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html


More information about the squid-users mailing list