On 4/02/2016 4:11 p.m., xxiao8 wrote: > I'm running squid/3.5.13/sslbump/intercept and saw the below when > visiting gmail.com from Chrome 48, gmail.com can not be opened. > > However Firefox works fine, no errors in the log, gmail.com opens as > expected. > > Error in the log: > ============== > Error negotiating SSL on FD 22: > error:140920F8:lib(20):func(146):reason(248) > ============== > > So, is this because of Chrome enforced ssl-pinning on google sites? I > can open www.google.com under Chrome just fine though not the rest > Google sites(gmail,youtube,etc). Again, Firefox has no such issues. No. That error mssages is output when Squid hits a problem attempting to do TLS handshake to the server or peer. It may be caused by what Chrome is sending to Squid (and thus affecting what Squid emits to the server), but its not pinning related unless they have drastically changed the pinning algorithms. Pinning shows up as a client connecting, being bumped (splice works okay AFAIK), then suddenly disconnecting/aborting. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
