[squid-users] Skype SSL is incompatible with OpenSSL

From: Jay Jimenez <jay_at_integralvox.com>
Date: Fri, 2 May 2014 18:34:21 +0800

Hi,

I have squid setup that is currently doing transparent SSL
interception. Almost all websites work flawlessly like
https://facebook.com, gmail, banking websites etc. However, when
intercepting SKYPE I've got the following error on my cache.log

2014/05/02 18:18:11 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 166: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number (1/-1)
2014/05/02 18:18:16 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 155: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number (1/-1)
2014/05/02 18:18:16 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 26: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number (1/-1)
2014/05/02 18:18:21 kid1| clientNegotiateSSL: Error negotiating SSL
connection on FD 34: error:1408F10B:SSL

My Setup:

Our firewall only allows ports 80 and 443 and some business ports
that's why Skype will always be redirected by our WCCP router to the
squid box.

My openssl version is OpenSSL 1.0.1e 11 Feb 2013

My squid version is 3.4. I also tried different Squid versions but failed.

Any help will be greatly appreciated.

Many Thanks,
Jay
Received on Fri May 02 2014 - 10:34:34 MDT

This archive was generated by hypermail 2.2.0 : Fri May 02 2014 - 12:00:03 MDT