Error Message alert handshake failure


Walter H.
Hello,

what does this message

2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure (1/-1/0)

in cache.log mean?

Thanks,
Walter



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Error Message alert handshake failure

Amos Jeffries
Administrator
On 30/08/18 2:16 AM, Walter H. wrote:
> Hello,
>
> what does this message
>
> 2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22:
> error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure (1/-1/0)
>
> in cache.log mean?

The OpenSSL used by your proxy is attempting to negotiate some feature
of TLS/SSL the remote server does not like (e.g. SSLv3). The remote
server is rejecting the TLS connection. Probably because there is no
alternative feature that it will accept from the one(s) the proxy is
requesting.

If this is happening during a regular proxy->server connection then
likely your OpenSSL config settings need adjusting or library upgrading.

If this is happening during SSL-Bump, that is commonly seen when an admin
attempts to restrict the available features to only the modern "safe"
ciphers etc. Only the set which are *also* supported by the client can
be negotiated with the server.


Amos
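
An added example, not part of either post and not Squid or OpenSSL code: a small triage script that decodes the OpenSSL error code in such cache.log lines and tells a TLS alert received from the remote server apart from a check that failed locally in the proxy. It assumes the pre-3.0 OpenSSL error-code layout (the one that still reports a function name such as SSL23_GET_SERVER_HELLO); the names `decode_err` and `triage` are hypothetical, and the second and third log lines are constructed.

```python
import re

# Line 1 is the message from the thread (unwrapped); lines 2-3 are constructed samples.
SAMPLE_LOG = """\
2018/08/29 16:11:28 kid1| Error negotiating SSL on FD 22: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure (1/-1/0)
2018/08/29 16:12:02 kid1| Error negotiating SSL on FD 31: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (1/-1/0)
2018/08/29 16:12:40 kid1| Error negotiating SSL on FD 35: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed (1/-1/0)
"""

ERR_RE = re.compile(
    r"Error negotiating SSL on FD (\d+): "
    r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*?)\s*\(")

# OpenSSL reports an alert received from the peer as reason 1000 + alert number.
SSL_AD_REASON_OFFSET = 1000
# TLS alert descriptions (RFC 5246 / RFC 6066), only the ones common in this situation.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security",
          80: "internal_error", 112: "unrecognized_name"}

def decode_err(code_hex):
    """Split a pre-3.0 OpenSSL error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one dict per 'Error negotiating SSL' line found in log_text."""
    results = []
    for line in log_text.splitlines():
        m = ERR_RE.search(line)
        if not m:
            continue
        fd, code_hex, _lib_name, func_name, text = m.groups()
        lib, func, reason = decode_err(code_hex)
        from_peer = reason >= SSL_AD_REASON_OFFSET
        alert_no = reason - SSL_AD_REASON_OFFSET if from_peer else None
        results.append({
            "fd": int(fd), "lib": lib, "func": func, "reason": reason,
            "stage": func_name, "text": text,
            # "peer alert": the remote end refused; "local check": the proxy refused.
            "origin": "peer alert" if from_peer else "local check",
            "alert": ALERTS.get(alert_no, alert_no) if from_peer else None,
        })
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        print(r["fd"], r["origin"], r["alert"] or r["text"], "during", r["stage"])
```

For the line in the question, reason 0x410 is 1040, i.e. alert 40 (handshake_failure) sent by the server while the proxy was waiting for the ServerHello, which matches the explanation that the remote server is the side rejecting the connection.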