On 21/03/2014 6:55 a.m., Derek Jones wrote:
> Hi,
>
> Does the Squid cygwin build come with ssl enabled? I installed squid
> using the cygwin setup program. I did NOT run ./configure
> --enable-ssl, but I added the following to my squid.conf and
> everything seems to work just fine, except for one error.
>
> CONF:
>
> # Squid normally listens to port 3128
> http_port 3128 ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB cert=/usr/share/ssl-cert/myCert.pem
>
> #SSL BUMP
> always_direct allow all
> ssl_bump server-first all
> # The following two options are unsafe and not always necessary:
> sslproxy_cert_error allow all
> sslproxy_flags DONT_VERIFY_PEER
>
> ERROR:
>
> kid1: clientNegotiateSSL: Error negotiating SSL connection on FD 125:
> Software caused connection abort (113)
>
>
> Any ideas on potential issues with this?
This is a generic TLS connection error. We see a lot of them when Squid
and server cannot agree on a secure connection cipher, extensions, or
such things.
Amos
Received on Fri Mar 21 2014 - 04:51:37 MDT
This archive was generated by hypermail 2.2.0 : Fri Mar 21 2014 - 12:00:08 MDT