I have squid set up as a transparent outbound proxy using version 3.5. When upgrading to 4.12, I am seeing an error "Error parsing SSL Server Hello Message on FD XX" that did not happen before. Here is my config:
http_port 3129 intercept cache_effective_user squid cache_effective_group squid workers 1 acl CONNECT method CONNECT acl allowed_http_sites dstdom_regex "/etc/squid/outbound_whitelist.txt" http_access allow allowed_http_sites acl allowed_networks src 10.0.0.0/8 acl allowed_networks src 172.0.0.0/8 https_port 3130 intercept ssl-bump cert=/etc/squid/ssl/squid.pem acl SSL_port port 443 http_access allow SSL_port acl allowed_https_sites ssl::server_name_regex "/etc/squid/outbound_whitelist.txt" acl step3 at_step SslBump3 ssl_bump peek all ssl_bump splice step3 allowed_https_sites ssl_bump terminate all cache deny all http_access deny all shutdown_lifetime 0 pid_filename /var/run/squid.pid log_mime_hdrs on logfile_rotate 2 access_log stdio:/dev/stdout cache_log stdio:/dev/stderr Previous to 4.12, if I tried to upgrade to any v4 or v5 of squid, I would get an issue with "inappropriate fallback" when going to some sites supporting TLS 1.3 (but not all). This appears to have been resolved, but this "Error parsing SSL Server Hello Message" is new. Is there something that should change in my config? Can anyone tell me what this error means? Thanks, Tanner
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
