On 30/11/18 12:16 pm, John Refwe wrote: > Hi, > > I'm encountering a ssl bump error when going > to https://www.finansinspektionen.se/ > > The error is similar in nature > to http://squid-web-proxy-cache.1019090.n4.nabble.com/Message-with-SSL-bump-with-a-specific-site-td4686867.html TLS is complex protocol. "Similar to" is not enough to be accurate. Did you do what I suggested in that thread to closer identify what was actually happening? > > I took a packet capture and it didn't explain anything beyond what is > discussed in the above thread. I could readily reproduce it with both > squid 3.5 and squid 4.0. Interestingly, when I did an openssl s_client > to the domain and then did pasted: > GET / HTTP/1.1 > Host: www.finansinspektionen.se > Connection: keep-alive > > Things seemed to work. So, it doesn't immediately seem to be an openssl > issue? > The test only shows that the default parameters your OpenSSL library wants to use will work. The parameters of the handshake outgoing from Squid is mediated by settings the client uses and anything you have forced limits on through squid.conf settings. > Is anyone able to reproduce this / maybe provide a little bit of insight > as to what might be happening? > Not from those clues. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
