On 30/08/18 2:16 AM, Walter H. wrote: > Hello, > > what does this message > > 2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22: > error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure (1/-1/0) > > in cache.log mean? The OpenSSL used by your proxy is attempting to negotiate some feature of TLS/SSL the remote server does not like (eg. SSLv3). The remote server is rejecting the TLS connection. Probably because there is no alternative feature that it will accept from the one(s) the proxy is requesting. If this is happening during a regular proxy->server connection then likely your OpenSSL config settings need adjusting or library upgrading. If this is happening during SSL-Bump, that is commonly seen when admin attempts to restrict the available features to only the modern "safe" ciphers etc. Only the set which are *also* supported by the client can be negotiated with the server. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
