Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Error accessing sites with HTTPS

    Problems Installing or Upgrading pfSense Software
    3
    3
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      admclayton
      last edited by

      Dear,

      I own pfsense v2.3.4 as a virtual machine with Squid + Squidguard + integrated with AD with transparent proxy, it worked perfectly after some users started reporting problems on access to some HTTPS site, and displayed an error message when accessing this sites

      The following error was encountered while trying to retrieve the URL: https://www.fedex.com/*

      Failed to establish a secure connection with 104.80.1.146

      The system returned:

      (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
      Handshake with SSL server failed: error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

      This proxy and the remote host failed to negotiate an acceptable security configuration between them to fulfill your request. It is possible that the remote host does not support secure connections or that the proxy is not satisfied with the host security credentials.

      Has anyone had this problem?

      1 Reply Last reply Reply Quote 0
      • GrimsonG
        Grimson Banned
        last edited by

        @admclayton:

        The system returned:

        (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
        Handshake with SSL server failed: error: 14077410: SSL routines: SSL23_GET_SERVER_HELLO: sslv3 alert handshake failure

        SSL V2 and V3 are long broken and should no longer be used on servers and clients. So disable it on pfSense and advise your users to use up to date browsers.

        If there are still websites that rely on SSL V2/3 then you could try to contact their operators or stop using them.

        1 Reply Last reply Reply Quote 0
        • C
          chris4916
          last edited by

          I would be very glad to learn how you have successfuly configured transparent HTTP (S) proxy along with AD (which I translate as "authentication")

          Jah Olela Wembo: Les mots se muent en maux quand ils indisposent, agressent ou blessent.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.