Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Amos Jeffries
On 19/01/2017 12:53 p.m., Sameh Onaissi wrote:
> Hello, Amos… all
>
> Yuri, thanks for the reply.
>
>
> Amos,
>
> I added: (Thanks to Eliezer)
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER

That is a spot-check config to see if TLS is fully broken or if the fix can be done

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Sameh Onaissi
Hello, Amos… all

Yuri, thanks for the reply.

Amos,

I added: (Thanks to Eliezer)
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
to the config file, I am not too worried about the verification since the accessed sites showing problems are government site or local paying

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Yuri Voinov
18.01.2017 23:40, Eliezer Croitoru wrote:
> Thanks for the detail Amos,
>
> I noticed that a couple of major Root CA certificates were revoked so it could be
> one thing.
> And can you give some more details on how to fetch the certificates using the
> openssl tools?
> (Maybe redirect towards an

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Eliezer Croitoru
Thanks for the detail Amos,

I noticed that a couple of major Root CA certificates were revoked so it could be one thing.
And can you give some more details on how to fetch the certificates using the openssl tools?
(Maybe redirect towards an article about it)

I think that if some sites are having issues

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Amos Jeffries
On 19/01/2017 3:29 a.m., Sameh Onaissi wrote:
> Hello Eliezer, all
>
> Sorry for the late reply.
>
> When I configure the browser to access a non intercept port, the errors do
> not show up and the site is accessed without a problem.
>
> The client machine has the .crt file installed, but

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-18 Thread Sameh Onaissi
The server is Ubuntu 16.04.
Clients are mostly Windows 7 Pro, Windows 8.1 Pro, Windows 10 Pro and a few Mac OS El Capitan 10.11

Think of the environment before printing this email.

On Jan 18, 2017, at 9:39 AM, Eliezer Croitoru

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-15 Thread Eliezer Croitoru
Non intercepted is not bypassed… Squid has a couple of options for the “http_port” option. One that you are using is intercept and the other is without intercept. What happens when you try to connect to this website when you are defining another port without “Intercept” and define the proxy in the

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-14 Thread Amos Jeffries
On 15/01/2017 2:25 p.m., Sameh Onaissi wrote:
> Hello,
>
> I assume bypassed are non intercepted?

That depends on whether the bypass is bypassing interception or something else.

> Once the site IP is on the bypass list, it opened without an issue. There are a few other .gov.co

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-14 Thread Sameh Onaissi
Hello,

Bypassed is non-intercepted, right? The site worked fine when it was added to the bypass list. Other .gov.co sites have the same issue, and I have to add them to the bypass list for clients to be able to access them.

Here’s the error page before adding to the bypass list:

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-14 Thread Eliezer Croitoru
I have not experienced this issue on my testing lab when accessing: https://web.dlinkla.com/websys

$ squid -v
Squid Cache: Version 3.5.23
Service Name: squid
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr'

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-13 Thread Amos Jeffries
On 14/01/2017 4:27 a.m., Sameh Onaissi wrote:
> Hello Eliezer, all,
>
>
> I removed the cipher and the problem is still there:
>
>
> 2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138:
> error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)

The CA used to

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-13 Thread Sameh Onaissi
Hello Eliezer, all,

I removed the cipher and the problem is still there:

2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:05 kid1| Error negotiating SSL connection on FD 191:

Re: [squid-users] A bunch of SSL errors I am not sure why

2017-01-12 Thread Eliezer Croitoru
Try removing:
cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
from the ssl-bump line and see what happens.

http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email:

[squid-users] A bunch of SSL errors I am not sure why

2017-01-12 Thread Sameh Onaissi
System info:
Squid Cache: Version 3.5.22
Ubuntu Linux 16.04

Hello,

Last couple of days I have started seeing SSL errors in my cache.log which I don’t really understand: http://pastebin.com/mDHVm7cQ

My SSL bump configs:
http_port 3127 intercept
http_port 3128
https_port 3129 intercept ssl-bump