Thanks for the hint. I tried this, based on the docs here: http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit … But it doesn’t seem to help. FYI trying to bump traffic from Instagram’s iOS app seems to trigger it pretty consistently. > On 25 Feb 2016, at 9:24 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > On 24/02/2016 1:25 p.m., Dan Charlesworth wrote: >> That’s the version I’m on actually (RPM compiled by me): >> >> squid-3.5.13-1.el6.x86_64 >> openssl-1.0.1e-42.el6_7.2.x86_64 >> >> I’m not setting sslproxy_cipher in my config, so I guess that’s not it. My openssl library the problem perhaps? > > Perhapse. I expect that library is new enough not to have problems with > anything. > > It could still be the same DH problem. For the DH and ECDH type ciphers > you have to supply the Diffi-Helman parameters and/or Curve name or > Squid will still not be able to use / negotiate them. > > You could try setting up the tls-dh= parameter and see if it solves the > problem. > > > Of course you might just be seeing malware attacks intentionally trying > to force low-security ciphers and being rejected with that error logged. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
