OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: Julien on June 21, 2017, 02:52:18 pm

Title: Proxy server error
Post by: Julien on June 21, 2017, 02:52:18 pm

Dear all,
we are using a Proxy server , some website can't be loaded even I added them to the white list the error keeps showing up.
we are running a Squid version 3.5.25 and https proxy

The following error was encountered while trying to retrieve the URL: https://192.116.242.10/*
Failed to establish a secure connection to 192.116.242.10
The system returned:
(92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.


Can you please advise what to do to get this fixed ?

Title: Re: Proxy server error
Post by: Julien on June 28, 2017, 06:15:50 pm

Any one ?
we have the SSL proxy off until someone can point me to the right directions.

Title: Re: Proxy server error
Post by: fabian on June 28, 2017, 06:26:12 pm

You should check the TLS settings and library (for example OpenSSL, GNUTLS) versions of the server. Your browser should tell you which version is used if you don't use the proxy.

Title: Re: Proxy server error
Post by: Julien on July 01, 2017, 12:41:56 am

Quote from: fabian on June 28, 2017, 06:26:12 pm

You should check the TLS settings and library (for example OpenSSL, GNUTLS) versions of the server. Your browser should tell you which version is used if you don't use the proxy.

thank you for your answer
Can you please advise where exactly to check ?
much appreciate your support.
the errors now is

Code: [Select]

The following error was encountered while trying to retrieve the URL: https://195.8.209.120/*
Failed to establish a secure connection to 195.8.209.120
The system returned:
(92) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
This proxy and the remote host failed to negotiate a mutually acceptable security settings for handling your request. It is possible that the remote host does not support secure connections, or the proxy is not satisfied with the host security credentials.

Title: Re: Proxy server error
Post by: fabian on July 01, 2017, 01:55:16 pm

You should check the web server for the supported ciphers and TLS versions. If you navigate to it without the proxy, you can get into the menu showing it by clicking the lock icon in the address bar, then click ">" and click "more information". The should be some info under technical details. (Note: This explanation is Firefox only)

Title: Re: Proxy server error
Post by: Julien on July 02, 2017, 11:38:46 pm

Quote from: fabian on July 01, 2017, 01:55:16 pm

You should check the web server for the supported ciphers and TLS versions. If you navigate to it without the proxy, you can get into the menu showing it by clicking the lock icon in the address bar, then click ">" and click "more information". The should be some info under technical details. (Note: This explanation is Firefox only)

the situation is happening with a lot of websites not only one.
I check them using TLS SSL but can't seem to troubleshoot the errors,
the only solutions now is to disable the proxy SSL until I can find a proper solution.
am I the only one with this error using the proxy server ?