Message with SSL-bump with a specific site ...

Message with SSL-bump with a specific site ...

Walter H.
Hello,

Can someone explain what is causing this message?

While trying to retrieve the URL: https://www.3bg.at/*
The following error was encountered:
  • Failed to establish a secure connection to 193.138.123.75
The system returned:
    (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

    Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message

Thanks,
Walter


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Message with SSL-bump with a specific site ...

Amos Jeffries
Administrator
On 6/11/18 9:40 AM, Walter H. wrote:
> Hello,
>
> Can someone explain what is causing this message?
>
> While trying to retrieve the URL: https://www.3bg.at/*

Squid was asked to open an HTTPS connection or tunnel to that server.


> The following error was encountered:
>
>   * Failed to establish a secure connection to 193.138.123.75
>

The connection attempt failed.


> The system returned:
>     (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
>

The TCP connection was closed by the OS or OpenSSL with TCP code 71.

Squid is using SQUID_ERR_SSL_HANDSHAKE to represent what type of
protocol error it is, to make it clearer that it is not a TCP error but a TLS
handshake error inside the TCP connection.


> Handshake with SSL server failed: error:1408E0F4:SSL
> routines:SSL3_GET_MESSAGE:unexpected message
>

OpenSSL gave this weird string to Squid as the reason for the failure.

A quick search for the string online finds that it means what it says -
the other end of the connection is delivering something that your
OpenSSL library does not understand.


What that something is and why it is not understood is unknown. One now
has to look at the TCP packet trace to see what went wrong with the TLS
messaging.


Amos
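Reading the packet trace, as the reply above recommends, comes down to listing the TLS records the server sent and finding the first one that does not fit the handshake. The following is an added example, not part of the thread and not Squid or OpenSSL code. It assumes the input is the server-to-client TCP payload extracted from a capture and a full TLS 1.0-1.2 handshake without session resumption; the function names and the sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE = {0: "hello_request", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 22: "certificate_status"}
# Order of the server's first flight in a full TLS 1.0-1.2 handshake
# (RFC 5246 section 7.3); optional messages may be absent, order is fixed.
ORDER = ["server_hello", "certificate", "certificate_status",
         "server_key_exchange", "certificate_request", "server_hello_done"]

def parse_server_flight(data):
    """List (record_type, detail) for the plaintext TLS records in data."""
    out, pos, hs = [], 0, b""
    while pos + 5 <= len(data):
        ctype, _version, length = struct.unpack("!BHH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        pos += 5 + length
        if ctype == 22:                       # handshake
            hs += body                        # messages may span or share records
            while len(hs) >= 4 and len(hs) >= 4 + int.from_bytes(hs[1:4], "big"):
                out.append(("handshake", HANDSHAKE.get(hs[0], f"type_{hs[0]}")))
                hs = hs[4 + int.from_bytes(hs[1:4], "big"):]
        elif ctype == 21 and len(body) == 2:  # alert: level, description
            out.append(("alert", f"level={body[0]} description={body[1]}"))
        else:
            out.append((f"content_type_{ctype}", f"{length} bytes"))
    return out

def first_out_of_order(flight):
    """Index of the first entry that breaks ORDER, or None if none does."""
    nxt = 0
    for i, (rtype, name) in enumerate(flight):
        if (rtype, name) == ("handshake", "hello_request"):
            continue                          # clients ignore this mid-handshake
        if rtype != "handshake" or name not in ORDER[nxt:]:
            return i
        nxt = ORDER.index(name) + 1
    return None

def make_record(msg_type, body=b""):
    """Constructed sample: one handshake message in one TLS 1.2 record."""
    msg = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, 0x0303, len(msg)) + msg

# Constructed byte strings, not taken from the server in the thread.
GOOD = make_record(2, b"\x03\x03") + make_record(11) + make_record(14)
BAD = make_record(2, b"\x03\x03") + make_record(12) + make_record(11) + make_record(14)

if __name__ == "__main__":
    for label, data in (("good", GOOD), ("bad", BAD)):
        flight = parse_server_flight(data)
        print(label, flight, "first out of order:", first_out_of_order(flight))
```

The entry at the returned index is the message to look up in the trace; a TLS 1.3 or resumed session follows a different sequence and will be flagged by this check.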