Re: SSLBUMP Issue

On 11/01/2016 10:54 a.m., Roman Gelfand wrote:
> I am getting the following error.  Would anyone know the reason?
> 
>  Error negotiating SSL connection on FD 37: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
> 

Please supply the required details:

* Squid version (squid -v output)

 If it is older than 3.5.10 please upgrade.

* OpenSSL version

If it is older than 1.0.0 please (try to) upgrade.

> 
> My sslbump config is
> 
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/local/ssl_cert/squidCA.pem
> 
> ssl_bump server-first all

At this point all the following directives about bumping are useless and
will not happen.

> ssl_bump peek all
> ssl_bump terminate all
> 

*DO NOT* mix deprecated and current bumping actions together.

"Does not support peeking, which causes various problems.
When used for intercepted traffic SNI is not available and the server
raw-IP will be used in certificates. "

One of those "various problems" is probably what you are encountering.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
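Added example, not part of the original message or of Squid itself: a small Python lint for the two problems raised in the reply above, namely deprecated and current `ssl_bump` actions mixed in one config, and rules placed after an unconditional first rule that already ends processing. The function names are hypothetical, the sample config is reconstructed from the quoted one, and the grouping of actions into deprecated, current and final follows the Squid 3.5 `ssl_bump` documentation.

```python
# Action names from the Squid 3.5 ssl_bump directive documentation.
DEPRECATED = {"client-first", "server-first", "none"}
CURRENT = {"peek", "stare", "splice", "bump", "terminate"}
# Actions that end ssl_bump processing once their rule matches.
FINAL = DEPRECATED | {"splice", "bump", "terminate"}


def parse_ssl_bump(conf_text):
    """Return (line_no, action, acls) for each ssl_bump rule, in file order."""
    rules = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ssl_bump":
            rules.append((no, parts[1], parts[2:]))
    return rules


def lint_ssl_bump(conf_text):
    """Return findings as tuples: ("mixed", ...) or ("unreachable", ...)."""
    rules = parse_ssl_bump(conf_text)
    findings = []
    used = {action for _, action, _ in rules}
    if used & DEPRECATED and used & CURRENT:
        findings.append(("mixed", sorted(used & DEPRECATED), sorted(used & CURRENT)))
    # Assumption: only the simplest case is checked, a first rule that is
    # final and uses the built-in "all" ACL, so it matches every connection.
    if rules and rules[0][1] in FINAL and rules[0][2] == ["all"]:
        for later in rules[1:]:
            findings.append(("unreachable", later[0], rules[0][0]))
    return findings


# Constructed sample: the configuration quoted in the thread, unwrapped.
SAMPLE = """\
http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/ssl_cert/squidCA.pem
ssl_bump server-first all
ssl_bump peek all
ssl_bump terminate all
"""

if __name__ == "__main__":
    for finding in lint_ssl_bump(SAMPLE):
        print(finding)
```
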



