On 28/08/2015 9:58 p.m., Oliver Webb wrote: > I have transparent SSL bumping working perfectly in Chrome and > Safari (iOS and Windows 7) and Internet Explorer *on Windows Phone*, and by perfectly I mean no certificate warnings of any description for any site everything just behaves normally (apart from the sites certificate being signed by me.) However in Internet Explorer 11 on Windows 7 I get the following message for all secure bumped sites (secure sites like ebay for example load fine because I have configured not to be bumped and also unsecure sites load fine as well) > This page can’t be displayed > > Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to > https://google.co.uk again. If this error persists, contact your site administrator. > > I just wondered if anyone had any bright ideas as to what might be up. The complete lack of warnings is a BAD sign. It means the certificate mimic feature is probably is not working at all. Mimic is supposed to pass certificate flaws in the server certs through to the client/browser so all the security go/die decisions can be made by the end-users own preference confg. The error message you show implies that you have configured your proxy for SSLv3-only or SSLv2-only. At least on the listening ports the browser is connecting to. Though since it was displayed by a browser we can't be 100% sure it contains truth (SSL-bump is feeding some bold lies to it). PS. If not 3.5.7 or a later snapshot please try an upgrade. PPS. I'm told people are having pain from OpenSSL 0.9.8 apparently trying to do TLS/1.0 in a way Squid does not handle properly right now. If that library version is installed on the client you may need to wait for a fix the guys are working on as I type this (ETA unknown). Though if you can get the client to upgrade to a more current and secure OpenSSL that would be even better. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
