I now frequently get the following error, even if the domain is excluded via the SSL No Bump List:
Failed to establish a secure connection to [unknown]
The system returned:
[No Error] (TLS code: SQUID_TLS_ERR_CONNECT+TLS_IO_ERR=1)
Failed to establish a secure connection: [No Error]
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.
How to fix this?
Here are a couple of hints:
- Does the website work normally without using Squid? It could be that the certificate is no longer valid/incorrect and Squid is refusing the connection. Also check the TLS version the website is using.
- The website could be referencing third-party resources, e.g. JavaScript; try whitelisting these.
- It may be using certificate pinning and Squid still caches a generated MITM, so try resetting cached certs in the Support tab.
PS: MITM is a pain in the ***, good luck
A TLS error means that TLS negotiation failed. It could be that the server does not support the allowed ciphers or uses an unsigned certificate. You can manually view the proxy config in /usr/local/etc/squid.conf, I believe. The config file will give you hints about what is really configured for the squid process. I know for a fact that it will theft unsigned cert and I don't think there is an option in the GUI to change that - is a security risk though. Most likely, though, if other websites work and that one doesn't, it's a crappy implementation on the remote end.
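
An added example, not code from anyone in this thread: a small Python check that reads a squid.conf (the file the last reply points to) and reports the outgoing TLS minimum version and cipher list, the certificate-error policy, and any splice rule placed after an unconditional bump, where it can never match. The sample config, its ACL names and the ACL file path are constructed for illustration.

```python
# Constructed squid.conf excerpt for illustration; ACL names and the file path are made up.
SAMPLE_CONF = """\
acl step1 at_step SslBump1
acl nobump ssl::server_name "/path/to/nobump.acl"
tls_outgoing_options min-version=1.2 cipher=HIGH:!aNULL
sslproxy_cert_error deny all
ssl_bump peek step1
ssl_bump bump all
ssl_bump splice nobump
"""

def directives(conf_text):
    """Yield (line_number, name, args) for every active (non-comment) line."""
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            yield n, name, args

def audit(conf_text):
    """Collect the settings that decide whether Squid splices and what TLS it offers upstream."""
    report = {"min_version": None, "cipher": None, "cert_error": [], "unreachable_splice": []}
    bump_all_line = None
    for n, name, args in directives(conf_text):
        if name == "tls_outgoing_options":
            for arg in args:
                key, _, value = arg.partition("=")
                if key == "min-version":
                    report["min_version"] = value
                elif key == "cipher":
                    report["cipher"] = value
        elif name == "sslproxy_cert_error":
            report["cert_error"].append(" ".join(args))
        elif name == "ssl_bump" and args:
            action, acls = args[0], args[1:]
            # ssl_bump rules are checked in order and the first match wins, so an
            # unconditional bump hides every splice rule written after it.
            if action == "bump" and acls == ["all"] and bump_all_line is None:
                bump_all_line = n
            elif action == "splice" and bump_all_line is not None:
                report["unreachable_splice"].append((n, bump_all_line))
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF).items():
        print(f"{key}: {value}")
```

To run it against a live config, pass the file's contents to `audit()` instead of `SAMPLE_CONF`.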