On 12/13/18 9:39 PM, John Refwe wrote:

> acl step1 at_step SslBump1
> ssl_bump peek step1
> ssl_bump bump all

> There are a few websites, one of which is https://opts.ssa.gov where
> I get an error I'm having trouble understanding in the logs.

Does an OpenSSL s_client test work for that site, from your Squid box?
It works for me, but your environment may be different:

    $ openssl s_client --servername opts.ssa.gov --connect opts.ssa.gov:443
    GET /

> Am I running into a known limitation of server-first bumping?

Why do you say "server-first bumping"? The Squid configuration you
posted does not use server-first bumping. It uses step2 bumping, which
is a completely different animal.

Collecting a packet sample from the broken transaction (client-Squid and
Squid-server packets, in all four directions), like Amos has suggested,
is a good next step, especially if you cannot reproduce with s_client.

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users