* Ralf Hildebrandt <Ralf.Hildebrandt_at_charite.de>:
> 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 1539: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)
> 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)
> 2011/01/21 11:25:46| fwdNegotiateSSL: Error negotiating SSL connection on FD 281: error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter (1/-1/0)
>
> I enabled
> # START
> acl BrokenServersAtTrustedIP dst 194.151.178.174/32
> sslproxy_cert_error allow BrokenServersAtTrustedIP
> sslproxy_cert_error deny all
> # ENDE
>
> What am I missing?
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/595415
RAAAH!
% openssl s_client -connect enis.eurotransplant.nl:443
CONNECTED(00000003)
24418:error:14077417:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert illegal parameter:s23_clnt.c:602:
but:
# openssl s_client -ssl3 -connect enis.eurotransplant.nl:443
CONNECTED(00000003)
depth=2 /C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
--- Certificate chain ... So, how do I force Squid-3.2 to use SSLv3 for that site? -- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.deReceived on Fri Jan 21 2011 - 10:43:57 MST
This archive was generated by hypermail 2.2.0 : Fri Jan 21 2011 - 12:00:07 MST