Hello, there are some websites like https://www.zeitwertkonten.ruv.de/web/webSealContent/login/login.do which don't send the close_notify alert on shutdown and squid sends an error page to the browser. For a workaround I want to set the SSL_OP_IGNORE_UNEXPECTED_EOF option, but it doesn't work.
I added one of the following lines, but every time squid complains about unknown TLS options.

tls_outgoing_options options=SSL_OP_IGNORE_UNEXPECTED_EOF

or

tls_outgoing_options options=IGNORE_UNEXPECTED_EOF

but every time I get an error message like

2025/10/31 11:56:35 kid1| ERROR: Unknown TLS option SSL_OP_IGNORE_UNEXPECTED_EOF

or

2025/10/31 12:53:20 kid1| ERROR: Unknown TLS option IGNORE_UNEXPECTED_EOF

My ssl_bump related config lines look like:

http_port 8080 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=32MB tls-cert=/secrets/ca.pem tls-dh=/etc/squid/dhparams.pem
sslcrtd_program /usr/sbin/security_file_certgen -s /var/cache/squid/sslcert_db -M 32MB
sslcrtd_children 32 startup=10 idle=3
tls_outgoing_options capath=/etc/ssl/certs min-version=1.2
tls_outgoing_options options=IGNORE_UNEXPECTED_EOF
ssl_bump peek step1
ssl_bump splice nohttpsscandomain
ssl_bump bump all

I use squid 7.3 on an up-to-date Debian trixie with openssl 3.5.1.

Here are some details of my system:

~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 13 (trixie)"
NAME="Debian GNU/Linux"
VERSION_ID="13"
VERSION="13 (trixie)"
VERSION_CODENAME=trixie
DEBIAN_VERSION_FULL=13.1
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

root@cdxhttpproxyiapdev01-v2465:/etc/squid# squid -v
Squid Cache: Version 7.3
Service Name: squid

This binary uses OpenSSL 3.5.1 1 Jul 2025.

configure options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--bindir=/usr/sbin' '--sbindir=/usr/sbin' '--localstatedir=/var' '--libexecdir=/usr/sbin' '--datadir=/usr/share/squid' '--mandir=/usr/share/man' '--with-default-user=squid' '--with-filedescriptors=131072' '--with-logdir=/var/log/squid' '--disable-auto-locale' '--disable-eui' '--disable-carp' '--disable-htcp' '--disable-ident-lookups' '--disable-translation' '--disable-wccp' '--disable-wccpv2' '--disable-arch-native' '--disable-auth-negotiate' '--disable-auth-ntlm' '--enable-async-io=128' '--enable-auth-basic=LDAP,NCSA' '--enable-auth-digest=file,LDAP' '--enable-epoll' '--enable-log-daemon-helpers=file' '--enable-icap-client' '--enable-inline' '--enable-snmp' '--enable-disk-io=AIO,DiskThreads,IpcIo,Blocking' '--enable-storeio=ufs,aufs,rock' '--enable-referer-log' '--enable-useragent-log' '--enable-large-cache-files' '--enable-removal-policies=lru,heap' '--enable-follow-x-forwarded-for' '--enable-ssl-crtd' '--with-openssl' 'CFLAGS=-g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -ffile-prefix-map=/=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection'

Does anybody know how to set the SSL option SSL_OP_IGNORE_UNEXPECTED_EOF?

--
Regards
Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.

_______________________________________________
squid-users mailing list
[email protected]
https://lists.squid-cache.org/listinfo/squid-users
