Netgate Discussion Forum

    Transparent Squid proxy with SSL MITM errors on Cloudflare websites

      krejzi

      Hello.

      On every SSL site backed by Cloudflare CDN, I get this Squid error: (92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
      Handshake with SSL server failed: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

      This happens with the FULL SSL support settings on the Cloudflare site, meaning one SSL cert is provided by Cloudflare, and another one is self-signed on the server of the webpage. So I guess with SSL MITM there are 3 certificates in the game and that's why the error? Some forums suggest there is something wrong with OpenSSL on the server, but the latest version of OpenSSL on pfSense is good.

      I tried all combinations in the pfSense SSL settings GUI, nothing works. Help appreciated.

        doktornotor Banned

        Help: stop using the SSL MITM clusterfuck.

        (And - as already noted elsewhere - with the current Squid version that's available on pfSense, this will NOT work on any site that requires SNI. End of story.)

          krejzi

          Thank you :)
