
List:       squid-users
Subject:    Re: [squid-users] SSL errors with Squid 3.5.27
From:       "Julian Perconti" <vh1988 () yahoo ! com ! ar>
Date:       2018-06-28 16:32:55
Message-ID: 005301d40efd$ad002690$070073b0$ () yahoo ! com ! ar

Hi all:

Finally I migrated everything to Debian 9 with OpenSSL 1.1 and Squid 4 (June 22/18) release (the last one).

Everything seems to go very well.

However, the Dropbox client logs this error in cache.log:

kid1| ERROR: negotiating TLS on FD 35: error:141710F8:SSL routines:tls_process_server_hello:unknown cipher returned (1/-1/0)

squid version:

Squid Cache: Version 4.0.25-20180621-r887c98a
Service Name: squid

This binary uses OpenSSL 1.1.0f  25 May 2017. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--prefix=/usr' '--build=x86_64-linux-gnu' '--localstatedir=/var/squid' '--libexecdir=/lib/squid' '--srcdir=.' '--datadir=/share/squid' '--sysconfdir=/etc/squid' '--with-default-user=proxy' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-openssl' '--enable-ssl-crtd' '--mandir=/share/man' '--enable-storeio=ufs,aufs,diskd' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-icap' '--enable-cache-digests' 'build_alias=x86_64-linux-gnu' --enable-ltdl-convenience

openssl version and ciphers:

OpenSSL 1.1.0f  25 May 2017

ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:AES128-GCM-SHA256:PSK-AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:ECDHE-PSK-AES256-CBC-SHA384:ECDHE-PSK-AES256-CBC-SHA:SRP-RSA-AES-256-CBC-SHA:SRP-AES-256-CBC-SHA:RSA-PSK-AES256-CBC-SHA384:DHE-PSK-AES256-CBC-SHA384:RSA-PSK-AES256-CBC-SHA:DHE-PSK-AES256-CBC-SHA:AES256-SHA:PSK-AES256-CBC-SHA384:PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:SRP-RSA-AES-128-CBC-SHA:SRP-AES-128-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA:DHE-PSK-AES128-CBC-SHA:AES128-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA


squid.conf ciphers:

tls_outgoing_options cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

I still have not tried what happens with WhatsApp from iOS (the original problem).

Any ideas? Fix?

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
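
Added example (not part of the original message and not Squid code): a way to see which suites the cipher= expression from the tls_outgoing_options line above expands to on the local OpenSSL build, and which names from the library's list it leaves out. It uses Python's ssl module as a stand-in for the OpenSSL that Squid links against; the function names and the short sample list are assumptions made for illustration.

```python
import ssl

# Cipher expression copied from the tls_outgoing_options line in the message.
SQUID_CIPHER_EXPR = (
    "HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
)

# Constructed sample: a few names picked from the OpenSSL 1.1.0f list above.
SAMPLE_LIBRARY_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-RSA-AES256-GCM-SHA384",
    "PSK-AES128-CBC-SHA",
    "SRP-AES-128-CBC-SHA",
]


def expand(expr):
    """Return {suite name: protocol} for what the local OpenSSL selects.

    TLS 1.3 suites (names starting with TLS_) are listed too; they are
    configured separately and are not controlled by this expression.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(expr)  # raises ssl.SSLError if nothing matches
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def not_offered_suites(library_suites, expr):
    """Names from library_suites that the expression does not select
    (excluded by the expression, or absent from the local build)."""
    offered = expand(expr)
    return [name for name in library_suites if name not in offered]


def is_offered(suite_name, expr):
    """True if a suite name seen in a handshake is in the offered set."""
    return suite_name in expand(expr)


if __name__ == "__main__":
    for name, proto in sorted(expand(SQUID_CIPHER_EXPR).items()):
        print(f"{proto:8} {name}")
    print("not offered:",
          not_offered_suites(SAMPLE_LIBRARY_SUITES, SQUID_CIPHER_EXPR))
```

Run it on the proxy host so that the expansion reflects the same OpenSSL build that Squid reports in its version output.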

