Re: [squid-users] Squid 3.1 and https ssl aes256 issue

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Jun 2012 14:54:47 +1200

On 03.06.2012 22:23, alextouch wrote:
> Hi
>
> this is my first post... last month I installed a linux ubuntu server 12.04
> LTS machine with Squid3 in my organization. This machine works as a proxy
> (not transparent proxy) for the web access from clients.
> Proxy is connected to a gateway for internet connection.
> Clients are configured so that all web (http, https, ftp, socks) traffic goes
> through the squid proxy.
> All works fine, clients are able to access all types of internet traffic,
> including https sites encrypted with aes128 (like gmail, or
> https://www1.directatrading.com/).
> But no client is able to access sites encrypted with aes256 (like
> https://www.unicredit.it/)... the browser locks with "Connecting to
> https://www......." and nothing else is displayed on the browser itself.
> I searched the net but I wasn't able to find a thread about this issue.
> squid.conf is the original one, I added only support for delay-pools and
> acls to deny some clients access to certain sites. But even with these
> options disabled, the problem is still present.
>
> Does anyone have any idea?

In the standard setup like this Squid has nothing to do with the SSL or
TLS operations. The browser simply opens a CONNECT tunnel through Squid.
The encryption details are negotiated directly between the browser and
origin server.

It is most likely that your clients' browsers or SSL libraries are
missing AES-256 support or are getting stuck negotiating to use a
version of TLS/SSL which supports it.

Amos
Received on Tue Jun 05 2012 - 02:54:51 MDT
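
The split described in the reply above (the proxy only answers the CONNECT request, and the cipher is then negotiated end to end) can be checked from a client machine. The following is an added example, not part of the original message or of Squid: the function names and the proxy address are assumptions, and the script reports whether a failure happens at the proxy stage or in the TLS handshake when only AES-256 suites are offered.

```python
import socket
import ssl

def open_tunnel(proxy, target, timeout=10):
    """Request a CONNECT tunnel; return (socket, HTTP status from the proxy)."""
    sock = socket.create_connection(proxy, timeout=timeout)
    hostport = f"{target[0]}:{target[1]}"
    sock.sendall(f"CONNECT {hostport} HTTP/1.1\r\nHost: {hostport}\r\n\r\n".encode())
    head = b""
    while b"\r\n\r\n" not in head:
        byte = sock.recv(1)  # one byte at a time: never read past the header
        if not byte:
            break
        head += byte
    parts = head.split(None, 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return sock, status

def probe(proxy, target, ciphers="AES256", timeout=10):
    """Return (stage, detail); stage is 'proxy', 'tls' or 'ok'."""
    try:
        sock, status = open_tunnel(proxy, target, timeout)
    except OSError as exc:
        return "proxy", f"cannot reach proxy: {exc}"
    if status != 200:
        sock.close()
        return "proxy", f"CONNECT answered with status {status}"
    # From here on the proxy only relays bytes; the handshake is end to end.
    ctx = ssl.create_default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() governs <= TLS 1.2
    ctx.set_ciphers(ciphers)  # OpenSSL cipher string: offer only AES-256 suites
    try:
        with ctx.wrap_socket(sock, server_hostname=target[0]) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        sock.close()
        return "tls", str(exc)

if __name__ == "__main__":
    # Placeholder proxy address (assumption); the target host is the one from the post.
    print(probe(("proxy.example.internal", 3128), ("www.unicredit.it", 443)))
```

A result of `proxy` points at the tunnel request (ACLs, reachability), while `tls` means the tunnel opened and the handshake between client and origin server failed.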
