Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-28 Thread Amos Jeffries
On 29/05/18 00:17, Ahmad, Sarfaraz wrote: > I was wrong. It is not the remote server but Squid itself which is sending a > FIN,ACK after ServerHelloDone. > At 8 seconds, ServerKeyExchange, ServerHelloDone is received by Squid. The > cipher suite looks like (ECDHE+RSA+SHA512 ,wireshark shows rsa_p

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-28 Thread Ahmad, Sarfaraz
17, 2018 4:18 PM To: 'squid-users@lists.squid-cache.org' Cc: 'Marcus Kool' Subject: RE: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com Guys, Any thoughts ? Regards, Sarfaraz -Original Message- From: Ahmad, Sarfaraz Sent: Wednesday, May 16, 2018

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-17 Thread Ahmad, Sarfaraz
Guys, Any thoughts ? Regards, Sarfaraz -Original Message- From: Ahmad, Sarfaraz Sent: Wednesday, May 16, 2018 10:36 AM To: 'Marcus Kool' ; squid-users@lists.squid-cache.org Subject: RE: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com I see a message similar

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-15 Thread Ahmad, Sarfaraz
s On Behalf Of Marcus Kool Sent: Wednesday, May 16, 2018 1:41 AM To: squid-users@lists.squid-cache.org Subject: Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com The proxies that I used for the test have Squid 4.0.22 and Squid 4.0.23. Marcus On 15/05/18 15:40, Amos Jeffries wrote:

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-15 Thread Marcus Kool
The proxies that I used for the test have Squid 4.0.22 and Squid 4.0.23. Marcus On 15/05/18 15:40, Amos Jeffries wrote: On 16/05/18 01:32, Marcus Kool wrote: pcmag.com also does not load here, although my config parameters are slightly different. The certificate is indeed huge... Do you have

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-15 Thread Amos Jeffries
On 16/05/18 01:32, Marcus Kool wrote: > pcmag.com also does not load here, although my config parameters are > slightly different. > The certificate is indeed huge... > Do you have >    ERROR: negotiating TLS on FD NNN: error:14090086:SSL > routines:ssl3_get_server_certificate:certificate verify fa

Re: [squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-15 Thread Marcus Kool
pcmag.com also does not load here, although my config parameters are slightly different. The certificate is indeed huge... Do you have ERROR: negotiating TLS on FD NNN: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0) or other errors in cache.log ? M

[squid-users] TCP FIN,ACK after ServerHelloDone with pcmag.com

2018-05-15 Thread Ahmad, Sarfaraz
Hi Folks, I am using Squid as a HTTPS interception proxy. When I try to access https://www.pcmag.com , (which is supposed to be bumped in my environment ), I get "unable to forward request at this time" even though the website is perfectly accessible outside of the proxy. A packet capture sugg