Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense transparent mode problem with some https sites such as mail.yahoo.com

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 302 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      Ramin-Nodehi
      last edited by

      I need to log full urls visited by users, and because unfortunately only in transparent mode we could get full urls with squid logs in pfsense , so we have been forced to use transparent mode. I checked resolve dns4 ip first and spice whitelist and bump others in squid settings. The problem is that with transparent mode users have problem accessing some https site such as mail.yahoo.com. The error when accessing the site is:
      the following error was encountered while trying to retrieve the URL: https://212.82.100.140/*

      Failed to establish a secure connection to 212.82.100.140

      The system returned:

      (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

Handshake with SSL server failed: error:1423506E:SSL routines:ssl_next_proto_validate:bad extension

      when accessing with explicit proxy the site opens normally. But as i said before , i need full url logging and squid does that only in trasnparent mode with strip_query_terms off set in squid.conf. In explicit proxy mode it only logs domain:443 .
      I searched for some days in internet , some documents say it is the openssl problem, some say it is the squid problem. I also tried setting tls_outgoing_options options=ALL in squid.conf but didn't got any success.
      I appreciate any help...

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.