-----Original Message----- From: Henrik Nordstrom [mailto:hno@xxxxxxxxxxxxxxx] Sent: Wednesday, May 11, 2005 5:00 PM To: Ratti Michele Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: [squid-users] SQUID v2.5 STABLE9 On Wed, 11 May 2005, Ratti Michele wrote: > Good morning, > > I'm tring to make a HTTPS CALL (CONNECT and POST) through SQUID v2.5 > STABLE9 (RPM MANDRAKE) using a WEBLOGIC APPLICATION SERVER v8.1.2. I > obtain this exception: > FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to > negotiate an acceptable set of security parameters. To me it sounds like your client and server does not agree on what SSL parameters (cipher / version / hash / whatever) to use, not a Squid problem. Does it work if you attempt to go directly, not using the proxy? >> Directly it works. If that works, please use ssldump in decode mode to compare the two sessions. There should not be any difference except for the initial CONNECT wrapper. >> I can't try to do an ssldump trace when connecting directly. >> Here you have SSLDUMP trace I obtain connecting through SQUID: New TCP connection #3: 217.220.16.252(57483) <-> 81.21.130.20(443) 3 1 0.0284 (0.0284) C>S SSLv2 compatible client hello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 SSL2_CK_RC4 TLS_RSA_WITH_RC4_128_SHA TLS_DHE_DSS_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA Unknown value 0x4e Unknown value 0x2f Unknown value 0x35 TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Unknown value 0x50 TLS_RSA_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_ECDH_ECDSA_WITH_DES_CBC_SHA Unknown value 0x4f TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_DHE_DSS_WITH_RC2_56_CBC_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 SSL2_CK_RC4_EXPORT40 TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA Unknown value 0x47 TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 3 2 0.0662 (0.0377) S>C Handshake ServerHello Version 3.1 session_id[32]= 00 00 00 00 12 21 6b a3 2f c6 42 e7 20 21 c6 11 46 4e 4e ca b1 89 dc ce 96 11 57 f5 c1 69 4b f1 cipherSuite TLS_RSA_WITH_RC4_128_MD5 compressionMethod NULL Certificate ServerHelloDone 3 3 0.0799 (0.0137) C>S Alert level fatal value handshake_failure 3 0.0983 (0.0183) S>C TCP FIN 3 0.0984 (0.0000) C>S TCP FIN Regards Henrik >> Please help me. >> Regards. >> Michele
