Hello Dieter, Just for the record, I have no problems accessing that site using SSL bumping AD integrated Squid 4.4 (coupled with web safety ICAP filter but that should not matter really). Squid conf is more or less default with usual peek-and-splice (bump all) directives. Best regards, Rafael Akchurin Diladele B.V. -----Original Message----- From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of Amos Jeffries Sent: Wednesday, 9 January 2019 13:25 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: can't access https://www.finanzamt.bayern.de/ with sslbump (other sites works well) On 9/01/19 5:52 am, Dieter Bloms wrote: > Hello, > > I've compiled squid 4.5 with openssl1.1 as shipped with debian9. > Sslbump works fine for all sides, but I can't access only one site > https://www.finanzamt.bayern.de/ and don't know the reason. > Ssllabs gives "A". That means they are using "Good Practice" with their use of TLS. The better they use TLS the less likely that SSL-Bump works. ... > The access.log looks like: > > --snip-- > 1546962078.461 4726 x.x.x.x NONE/200 0 CONNECT www.finanzamt.bayern.de:443 - HIER_DIRECT/193.34.207.31 - > 1546962078.472 0 x.x.x.x NONE/500 8495 GET https://www.finanzamt.bayern.de/ - HIER_NONE/- text/html > --snip-- > > no entries in cache.log > > Can anybody try this site to see whether it is my local installation, or the webserver. > Please check your cache.log and the 500-status error page message to find out what the problem is. TLS is such a complicated system that it is unlikely others will be able to see the reason your system is failing with the very few details you have provided. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
