Hi all,

I have installed squid 4.1 on debian 9 with openssl 1.1.0f in transparent mode.

I need to know how to track this error (debugging options are almost impossible, I mean examining the FD, etc.):

kid1| Error negotiating SSL connection on FD 19: error:00000001:lib(0):func(0):reason(1) (1/-1)

There are a lot of them in cache.log when mobile devices use (unsuccessfully) apps like instagram/Pinterest/Facebook/twitter, etc.

Neither is it a “cipher-out” problem, because I just tried:

tls_outgoing_options cipher=ALL

(only for testing)

From any PC those sites work well. So there is not a certificate missing problem.

Here is a copy of the most relevant config:

=================CFG==================
http_port 3128
http_port 3129 intercept
https_port 3130 intercept ssl-bump \
  cert=/etc/squid/ssl_cert/squid4ssl.pem \
  key=/etc/squid/ssl_cert/squid4ssl.pem \
  generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
sslcrtd_program /lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
tls_outgoing_options cafile=/etc/ssl/certs/ca-certificates.crt
tls_outgoing_options cafile=/etc/squid/ssl_cert/cabundle.pem
tls_outgoing_options options=NO_SSLv3
tls_outgoing_options cipher=ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
acl noBumpSites ssl::server_name_regex -i "/etc/squid/url.nobump"
ssl_bump peek step1 all
ssl_bump peek step2 noBumpSites
ssl_bump splice step3 noBumpSites
ssl_bump stare step2
ssl_bump bump step3
# cache ram
cache_mem 1024 MB
=================CFG==================

And so on..

Any suggestions on the config above? Or a workaround for the problem mentioned?

Thank you all!
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users