On 12/03/20 4:59 am, Edouard Gaulué wrote: > Hi Community, > > We moved from 3.4.8 to 4.10 two days ago (and more generally to Buster). > > Some users complain today about HTTPS sites that are not reachable while > it was before (we bump). They are reachable from browsers without proxy. > > An example is : www.marches-securises.fr. > > In the log I get : > > ERROR: negotiating TLS on FD 57: error:1414D172:SSL > routines:tls12_check_peer_sigalg:wrong signature type (1/-1/0) > This is an error from your Squid machines OpenSSL library. > openssl s_client -connect www.marches-securises.fr:443 is OK > > I believed in the beginning, it was an intermediate certificate trouble, > but it doesn't look so. I read this : > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934453 > > I'm not sure squid is involved, but maybe some of you have already > overcome this kind of trouble through squid or openssl configuration. > If you can get a packet trace and inspect the TLS messages with wireshark you should be able to determine what is actually happening. If you can find for certain what the cause of problem is we might be able to help with solutions (if not obvious to you by then). Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
