Re: [squid-users] Squid 6.8 SSL_BUMP TLS Error

2024-04-18 Thread Rauch, Mario
Hello,
We have created a DER version of the PEM certificate which Squid uses and 
imported it into the client certificate store using a script like this:
certmgr /add DN_SIGNATOR_CA.der /r localMachine /s root

DN_SIGNATOR_CA.der is the self-signed certificate.

Maybe there must be some additional or changed setting in the config from 3.5 > 6.8 
Squid version?
As I wrote, on the old server with Squid 3.5 and the same certificate it worked. Should 
I attach both config files?

Regards,
Mario

From: squid-users On Behalf Of Alex Rousskov
Sent: Wednesday, 17 April 2024 19:53
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid 6.8 SSL_BUMP TLS Error

On 2024-04-17 09:07, Rauch, Mario wrote:

> We are receiving following errors when clients
> want to connect to specific website using ssl bump feature and self
> signed certificate:
>
> 2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS
> connection on conn275 local=185.229.91.169:3128
> remote=81.217.86.125:63673 FD 16 flags=1:
> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>
> Does somebody know what the problem could be?

$ openssl errstr A000418
error:0A000418:SSL routines::tlsv1 alert unknown ca

Looks like the client does not trust Squid certificate and tells Squid
about that lack of trust via a TLS alert. Did you configure the client
to trust the certificate your Squid is using for bumping client connections?

HTH,

Alex.

> With old Squid 3.5 it worked with almost same config and certificate.

___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
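
The decoding done with `openssl errstr` in the quoted reply can be applied to whole cache.log lines to see which clients are sending a trust-related TLS alert. This is an added example, not code from the thread or from the Squid project. It assumes the OpenSSL 3.x error-code packing (library number in bits 23 to 30, reason in the low 23 bits) and OpenSSL's convention of reporting a received alert N as reason 1000 + N; the second sample line is constructed.

```python
import re

# Certificate-related TLS alert numbers (RFC 8446, section 6).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 20             # OpenSSL library number behind "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000 + N

LINE_RE = re.compile(r"remote=(\S+).*?(SQUID_TLS_ERR_\w+)"
                     r"\+TLS_LIB_ERR=([0-9A-Fa-f]+)\+TLS_IO_ERR=(\d+)")

def decode_lib_err(code):
    """Split an OpenSSL 3.x packed error code into (library, reason)."""
    return (code >> 23) & 0xFF, code & 0x7FFFFF

def triage(log_lines):
    """Return one finding per log line that carries Squid TLS error details."""
    findings = []
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        remote, squid_err, lib_hex, _io_err = m.groups()
        lib, reason = decode_lib_err(int(lib_hex, 16))
        alert = None
        # Reasons 1000..1255 from the SSL library mean the peer sent a TLS alert.
        if lib == ERR_LIB_SSL and 0 <= reason - SSL_AD_REASON_OFFSET <= 255:
            n = reason - SSL_AD_REASON_OFFSET
            alert = CERT_ALERTS.get(n, f"alert {n}")
        findings.append({"remote": remote, "squid_error": squid_err,
                         "lib": lib, "reason": reason, "peer_alert": alert})
    return findings

# First line: the error quoted in this thread, joined onto one line.
# Second line: constructed for contrast (documentation addresses, non-alert reason).
SAMPLE = [
    "2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS connection on conn275 local=185.229.91.169:3128 remote=81.217.86.125:63673 FD 16 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1",
    "2024/04/17 14:56:02 kid1| ERROR: failure while accepting a TLS connection on conn301 local=192.0.2.1:3128 remote=198.51.100.7:50112 FD 21 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A0000C1+TLS_IO_ERR=1",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `peer_alert` set to `unknown_ca` points at the trust store of the client named in `remote`, not at Squid's own TLS setup.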


[squid-users] Squid 6.8 SSL_BUMP TLS Error

2024-04-17 Thread Rauch, Mario
Hi,
hope somebody has a hint. We are receiving following errors when clients want 
to connect to specific website using ssl bump feature and self signed 
certificate:

2024/04/17 14:55:15 kid1| ERROR: failure while accepting a TLS connection on 
conn275 local=185.229.91.169:3128 remote=81.217.86.125:63673 FD 16 flags=1: 
SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
current master transaction: master53

Does somebody know what the problem could be?

With old Squid 3.5 it worked with almost same config and certificate.

Regards,
Mario


[squid-users] Squid Upgrade from 3.5 > 6.8

2024-03-27 Thread Rauch, Mario
Hi,
hope somebody can help here.
We have installed following versions on our server:
Squid Cache: Version 3.5.24
Ubuntu 16.04.7 LTS

We now need to upgrade to latest version 6.8 because of security reasons.
Could somebody assist how to upgrade and if we need to change something in our 
current squid.conf?

Regards,
Mario

