Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-24 Thread David Touzeau
-Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of David Touzeau Sent: Tuesday, 24 January 2017 11:42 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-24 Thread David Touzeau
This is a different log trace from David's. Here Squid is setting up a TUNNEL to the client's original dst-IP, successfully. Any TLS funky stuff going on for this transaction is done directly between server and client. Squid's only involvement is to peek at the Hello messages and record them for

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread Amos Jeffries
> On Mon, 2017-01-23 at 19:54 -0700, Alex Rousskov wrote: >> On 01/23/2017 04:28 PM, David Touzeau wrote: >>> >>> ssl_bump peek ssl_step1 >>> ssl_bump splice all >>> >>> sslproxy_flags DONT_VERIFY_PEER >>> sslproxy_cert_error allow all >> >>> >>> When connecting to mozilla.org using transparent,

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread James Lay
On Mon, 2017-01-23 at 19:54 -0700, Alex Rousskov wrote: > On 01/23/2017 04:28 PM, David Touzeau wrote: > > > > ssl_bump peek ssl_step1 > > ssl_bump splice all > > > > sslproxy_flags DONT_VERIFY_PEER > > sslproxy_cert_error allow all > > > > > When connecting to mozilla.org using transparent,

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread Alex Rousskov
On 01/23/2017 04:28 PM, David Touzeau wrote: > ssl_bump peek ssl_step1 > ssl_bump splice all > > sslproxy_flags DONT_VERIFY_PEER > sslproxy_cert_error allow all > When connecting to mozilla.org using transparent, we receive this error: > > * About to connect() to www.mozilla.org port 443 (#0)

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread David Touzeau
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On behalf of Amos Jeffries Sent: Tuesday, 24 January 2017 01:01 To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol On 24/01

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread Amos Jeffries
On 24/01/2017 12:28 p.m., David Touzeau wrote: > Same issue with https://www.digitalocean.com/ > is somebody did not encounter the issue using Squid in transparent mode with > SSL ?? > The TLS / HTTPS environment is in the process of stabilizing, but still quite volatile. Since the error

Re: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-23 Thread David Touzeau
To: squid-users@lists.squid-cache.org Subject: [squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol Hi I'm using SSL transparent method : https_port 0.0.0.0:53695 intercept disable-pmtu-discovery=transparent name=MyPortNameID22 ssl-bump

[squid-users] [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

2017-01-22 Thread David Touzeau
Hi I'm using SSL transparent method : https_port 0.0.0.0:53695 intercept disable-pmtu-discovery=transparent name=MyPortNameID22 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bfc65772f68b84393604cd6ea.dyn sslproxy_foreign_intermediate_certs