Search squid archive

Re: [3.5.23]: mozilla.org failed using SSL transparent SSL23_GET_SERVER_HELLO:unknown protocol

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a different log trace from David's.

Here Squid is setting up a TUNNEL to the clients original dst-IP,
successfully. Any TLS funky stuff going on for this transaction is done
directly between server and client. Squid's only involvement is to peek at
the Hello messages and record them for its log.

But some of those details (ie the agreed cipher) come from the ServerHello
on successful TLS setup. So I think no errors happened in that log entries
transaction.

Amos

______________________________________________________________________________________________


Hi tried with

acl nossl dst 104.16.41.2
acl nossl2 dstdomain -i .mozilla.org
ssl_bump splice nossl
ssl_bump splice nossl2
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice all
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all

1485252508.663      2 192.168.1.236 TAG_NONE/403 6263 CONNECT 
104.16.41.2:443 - HIER_NONE/- text/html
1485252509.385      2 192.168.1.236 TAG_NONE/403 6263 CONNECT 
104.16.41.2:443 - HIER_NONE/- text/html

Using squid port 3128 without any bump allow accessing to mozilla 

So if there are any acl it will be blocked on both.

Return back to list with a full debug mode..


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux