Hi,
I have an error when going to a site that is set to be ssl-bumped in squid.
I have modified my squid config so that I have not specified any ciphers (I read in another forum post this would be the way to make it closest to the standard openssl).
The error that I see in squid cache logs is: "Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message"
Comparing two packet captures, one when trying to bump the website and the other when not bumping the website, the difference in sequences is as follows:
In the working PCAP:
1) Server Hello, Certificate
2) Client ack
3) Server key exchange, server hello done
4) client ack
5) Client key exchange, change cipher spec, encrypted handshake message (from client)
6) Server change cipher spec
7) Server encrypted handshake message
8) client ack
9) things working
In the non-working (ssl-bump) PCAP:
1) Server Hello, Certificate
2) Client ack
3) Server key exchange, server hello done
4) client ack
5) Alert (Level: Fatal, Description: Unexpected Message) (from client)
I can attach the PCAPs if it is more helpful, I just didn't want anyone to have to look through all of them in case this was enough to figure out what might be going wrong in the ssl-bumped case.
Thank you very much for your help and time,
John
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
