ERROR: negotiating TLS on FD 57: error:1414D172:SSL
routines:tls12_check_peer_sigalg:wrong signature type (1/-1/0)
This is an error from your Squid machines OpenSSL library.
That's what I thought. I also have: tls_process_ske_dhe:dh_key_too_small
for ssl server using SHA1.
openssl s_client -connect www.marches-securises.fr:443 is OK
I believed in the beginning, it was an intermediate certificate trouble,
but it doesn't look so. I read this :
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934453
I'm not sure squid is involved, but maybe some of you have already
overcome this kind of trouble through squid or openssl configuration.
If you can get a packet trace and inspect the TLS messages with
wireshark you should be able to determine what is actually happening.
If you can find for certain what the cause of problem is we might be
able to help with solutions (if not obvious to you by then).
Yes, that's a way. But as the provided link mentioned (and also some
issues on SSLLabs), it often looks to be a trouble with SSL server
configuration and even on big or prestigious sites.
I've set the "sslproxy_cert_error" option to "allow all", but despite
this I still get SQUID_ERR_SSL_HANDSHAKE.
Maybe there is a configuration to tell squid to allow (better than the
one above) or to splice in case of such trouble with handshake?
Best regards, Edouard
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
