Transparent Squid proxy with SSL MITM errors on Cloudflare websites

  • Hello.

    On every SSL site backed by the Cloudflare CDN, I get a Squid error: (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
    Handshake with SSL server failed: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

    This happens with the FULL SSL support setting on the Cloudflare site, meaning one SSL cert is provided by Cloudflare and another one is self-signed on the server of the webpage. So I guess with SSL MITM there are 3 certificates in the game, and that's why the error? Some forums suggest there is something wrong with OpenSSL on the server, but the latest version of OpenSSL on pfSense is good.

    I tried all combinations in the pfSense SSL settings GUI; nothing works. Help appreciated.

  • Banned

    Help: stop using the SSL MITM clusterfuck.

    (And - as already noted elsewhere - with the current Squid version that's available on pfSense, this will NOT work on any site that requires SNI. End of story.)

  • Thank you :)
