On 21/03/2014 6:55 a.m., Derek Jones wrote: > Hi, > > Does the Squid cygwin build come with ssl enabled? I installed squid > using the cygwin setup program. I did NOT run ./configure > --enable-ssl, but I added the following to my squid.conf and > everything seems to work just fine, except for one error. > > CONF: > > # Squid normally listens to port 3128 > http_port 3128 ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCert.pem > > #SSL BUMP > always_direct allow all > ssl_bump server-first all > # The following two options are unsafe and not always necessary: > sslproxy_cert_error allow all > sslproxy_flags DONT_VERIFY_PEER > > ERROR: > > kid1: clientNegotiateSSL: Error negotiating SSL connection on FD 125: > Software caused connection abort (113) > > > Any ideas on potential issues with this? This is a generic TLS connection error. We see a lot of them when Squid and server cannot agree on a secure connection cipher, extensions, or such things. Amos
