RE: [squid-users] SQUID v2.5 STABLE9

From: Ratti Michele <Michele.Ratti@dont-contact.us>
Date: Wed, 11 May 2005 17:46:41 +0200

-----Original Message-----
From: Henrik Nordstrom [mailto:hno@squid-cache.org]
Sent: Wednesday, May 11, 2005 5:00 PM
To: Ratti Michele
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] SQUID v2.5 STABLE9

On Wed, 11 May 2005, Ratti Michele wrote:

> Good morning,
>
> I'm trying to make an HTTPS CALL (CONNECT and POST) through SQUID v2.5
> STABLE9 (RPM MANDRAKE) using a WEBLOGIC APPLICATION SERVER v8.1.2. I
> obtain this exception:
> FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to
> negotiate an acceptable set of security parameters.

To me it sounds like your client and server do not agree on what SSL
parameters (cipher / version / hash / whatever) to use, not a Squid
problem.

Does it work if you attempt to go directly, not using the proxy?
>> Directly it works.

If that works, please use ssldump in decode mode to compare the two
sessions. There should not be any difference except
for the initial CONNECT wrapper.

>> I can't try to do an ssldump trace when connecting directly.
>> Here is the SSLDUMP trace I obtain connecting through SQUID:

 New TCP connection #3: 217.220.16.252(57483) <-> 81.21.130.20(443)
3 1 0.0284 (0.0284) C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
  TLS_RSA_WITH_RC4_128_MD5
  SSL2_CK_RC4
  TLS_RSA_WITH_RC4_128_SHA
  TLS_DHE_DSS_WITH_RC4_128_SHA
  TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  Unknown value 0x4e
  Unknown value 0x2f
  Unknown value 0x35
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
  Unknown value 0x50
  TLS_RSA_WITH_DES_CBC_SHA
  TLS_DHE_DSS_WITH_DES_CBC_SHA
  TLS_DHE_RSA_WITH_DES_CBC_SHA
  TLS_ECDH_ECDSA_WITH_DES_CBC_SHA
  Unknown value 0x4f
  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
  TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
  TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
  TLS_RSA_EXPORT_WITH_RC4_40_MD5
  SSL2_CK_RC4_EXPORT40
  TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA
  TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  TLS_RSA_WITH_NULL_MD5
  TLS_RSA_WITH_NULL_SHA
  Unknown value 0x47
  TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
  TLS_DH_anon_WITH_RC4_128_MD5
  TLS_DH_anon_WITH_DES_CBC_SHA
  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
3 2 0.0662 (0.0377) S>C Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          00 00 00 00 12 21 6b a3 2f c6 42 e7 20 21 c6 11
          46 4e 4e ca b1 89 dc ce 96 11 57 f5 c1 69 4b f1
        cipherSuite TLS_RSA_WITH_RC4_128_MD5
        compressionMethod NULL
      Certificate
      ServerHelloDone
3 3 0.0799 (0.0137) C>S Alert
    level fatal
    value handshake_failure
3 0.0983 (0.0183) S>C TCP FIN
3 0.0984 (0.0000) C>S TCP FIN

Regards
Henrik

>> Please help me.
>> Regards.
>> Michele
Received on Wed May 11 2005 - 09:46:44 MDT
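
The session comparison suggested in the thread can be done mechanically. The sketch below is an added example, not part of the original messages and not part of ssldump: it reduces one decoded trace to the offered suites, the selected suite, the server's handshake messages and any alert, so two sessions can be compared field by field. The sample trace is constructed, the parser assumes a single connection per trace, and `summarize` and `differences` are hypothetical names.

```python
import re

# Constructed trace in ssldump decode format (documentation addresses, short suite list).
VIA_PROXY = """\
New TCP connection #3: 192.0.2.10(57483) <-> 198.51.100.20(443)
3 1 0.0284 (0.0284) C>S SSLv2 compatible client hello
  cipher suites
  TLS_RSA_WITH_RC4_128_MD5
  TLS_RSA_WITH_3DES_EDE_CBC_SHA
3 2 0.0662 (0.0377) S>C Handshake
      ServerHello
        cipherSuite TLS_RSA_WITH_RC4_128_MD5
      Certificate
      ServerHelloDone
3 3 0.0799 (0.0137) C>S Alert
    level fatal
    value handshake_failure
3 0.0983 (0.0183) S>C TCP FIN
"""

# Record header: connection, optional record number, time, (delta), direction, type.
HEADER = re.compile(r"^\d+ (?:\d+ )?[\d.]+ \([\d.]+\)\s+(C>S|S>C)\s+(.*)$")

def summarize(trace):
    """Reduce one connection's decode output to the fields worth comparing."""
    out = {"offered": [], "selected": None, "server_msgs": [], "alert": None}
    direction, kind, in_suites = None, None, False
    for raw in trace.splitlines():
        m, line = HEADER.match(raw), raw.strip()
        if m:
            direction, kind, in_suites = m.group(1), m.group(2), False
            if kind == "Alert":
                out["alert"] = {"from": direction}
        elif line == "cipher suites":
            in_suites = True
        elif line.startswith("compression"):
            in_suites = False
        elif in_suites and direction == "C>S":
            out["offered"].append(line)
        elif line.startswith("cipherSuite "):
            out["selected"] = line.split(None, 1)[1]
        elif kind == "Alert" and line.startswith(("level ", "value ")):
            out["alert"].update([line.split(None, 1)])  # e.g. level -> fatal
        elif direction == "S>C" and kind == "Handshake" and line.isalpha():
            out["server_msgs"].append(line)
    return out

def differences(a, b):  # summary fields on which two sessions disagree
    return sorted(k for k in a if a[k] != b[k])
```

On a trace shaped like the one in the message, `selected` is one of the `offered` suites and the fatal alert is sent by the client after ServerHelloDone, so those are the fields to check against the direct session.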