On 13/06/18 07:54, Julian Perconti wrote: >> Interesting. >> >> The main issue was that you configured only params for the Diffi-Helman (DH and DHE) ciphers - no >curve name. That meant your specified EEC* ciphers were disabled since they require a curve name as >well. >> >> Removing this option completely disables both DH and ECDH cipher types. >> Leaving your proxy with only the RSA based ciphers. >> >> Amos > > kid1| Error negotiating SSL on FD 60: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0) > > Hi Amos, > > I still have no look to connect with WhatsApp from iOS. > > How do I can track this error?: > > kid1| Error negotiating SSL on FD 60: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed (1/-1/0) > > I mean examine the FD, ...or.. what? How? Because from iOS i cant see any error, it just tries to connect indefinitely. Yes. With "debug_options ALL,9" and a "grep --context=10 'FD nn'" f the resulting cache.log for whatever the FD number is in the test after you update the logging content. Some of those lines should show what is happening on that FD, maybe some clues in there. > > Some whatsapp/Facebook server with the command: > > Openssl s_client -connect -showcerts x.x.x.x:443 > > Does not shows any cert and establishes a connection with TLS 1.2... > > Any idea? Probably something you are not noticing, or think is irrelevant but actually is. Since you are hiding the details of what is going on we cannot replicate and see for ourselves if there is any hint in those hidden results which anyone with more knowledge might find. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
