• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Error accessing sites with HTTPS

Scheduled Pinned Locked Moved Problems Installing or Upgrading pfSense Software
3 Posts 3 Posters 1.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    admclayton
    last edited by Oct 18, 2017, 11:05 AM

    Dear,

    I own pfsense v2.3.4 as a virtual machine with Squid + Squidguard + integrated with AD with transparent proxy, it worked perfectly after some users started reporting problems on access to some HTTPS site, and displayed an error message when accessing this sites

    The following error was encountered while trying to retrieve the URL: https://www.fedex.com/*

    Failed to establish a secure connection with 104.80.1.146

    The system returned:

    (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
    Handshake with SSL server failed: error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

    This proxy and the remote host failed to negotiate an acceptable security configuration between them to fulfill your request. It is possible that the remote host does not support secure connections or that the proxy is not satisfied with the host security credentials.

    Has anyone had this problem?

    1 Reply Last reply Reply Quote 0
    • G
      Grimson Banned
      last edited by Oct 18, 2017, 11:35 AM

      @admclayton:

      The system returned:

      (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
      Handshake with SSL server failed: error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

      SSL V2 and V3 are long broken and should no longer be used on servers and clients. So disable it on pfSense and advise your users to use up to date browsers.

      If there are still websites that rely on SSL V2/3 then you could try to contact their operators or stop using them.

      1 Reply Last reply Reply Quote 0
      • C
        chris4916
        last edited by Oct 18, 2017, 12:26 PM

        I would be very glad to learn how you have successfuly configured transparent HTTP (S) proxy along with AD (which I translate as "authentication")

        Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

        1 Reply Last reply Reply Quote 0
        1 out of 3
        • First post
          1/3
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received