On 30/08/18 2:16 AM, Walter H. wrote:
> what does this message
> 2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22:
> error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure (1/-1/0)
> in cache.log mean?
The OpenSSL used by your proxy is attempting to negotiate some feature
of TLS/SSL the remote server does not like (eg. SSLv3). The remote
server is rejecting the TLS connection. Probably because there is no
alternative feature that it will accept from the one(s) the proxy is
If this is happening during a regular proxy->server connection then
likely your OpenSSL config settings need adjusting or library upgrading.
If this is happening during SSL-Bump, that is commonly seen when admin
attempts to restrict the available features to only the modern "safe"
ciphers etc. Only the set which are *also* supported by the client can
be negotiated with the server.