* Ralf Hildebrandt <Ralf.Hildebrandt@xxxxxxxxxx>: > 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 1539: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0) > 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0) > 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0) > > I enabled > # START > acl BrokenServersAtTrustedIP dst 194.151.178.174/32 > sslproxy_cert_error allow BrokenServersAtTrustedIP > sslproxy_cert_error deny all > # ENDE > > What am I missing? https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/595415 RAAAH! % openssl s_client -connect enis.eurotransplant.nl:443 CONNECTED(00000003) 24418:error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter:s23_clnt.c:602: but: # openssl s_client -ssl3 -connect enis.eurotransplant.nl:443 CONNECTED(00000003) depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain ... So, how do I force Squid-3.2 to use SSLv3 for that site? -- Ralf Hildebrandt GeschÃftsbereich IT | Abteilung Netzwerk Charità - UniversitÃtsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@xxxxxxxxxx | http://www.charite.de
