<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello,<br>
<br>
it is a little bitte weird/strange/complicated;<br>
<br>
On 02.11.2018 23:05, Matt Caswell wrote:
<blockquote
cite="mid:39f2fbd8-a9d9-79db-fcba-d1b26e6eb6dd@openssl.org"
type="cite">
<pre wrap="">
On 02/11/2018 21:51, Walter H. wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hello,
when I try to connect to <a class="moz-txt-link-freetext" href="https://www.3bg.at/">https://www.3bg.at/</a>
I get the following error
Handshake with SSL server failed: error:1408E0F4:SSL
routines:SSL3_GET_MESSAGE:unexpected message
but
<a class="moz-txt-link-freetext" href="https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at">https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at</a>
says its ok ...
is the problem on my side or on their side?
</pre>
</blockquote>
<pre wrap="">
You'll need to give us more information. I can connect to that server
using OpenSSL 1.0.2 s_client.
What version of OpenSSL are you using? Is this with your own application
or from s_client? What ciphersuites have you configured? Any other
relevant configuration that we should know about?
</pre>
</blockquote>
the mentioned error comes with squid - ssl-bump on; <br>
in case I switch it off and have it as normal proxy, then is really
suspisious:<br>
- an old Firefox (17.0.11esr) has no problems, the Sites is shown
and works<br>
<br>
- an older Google Chrome (the last one f. WinXP, v46) gives:<br>
SSL connection error<br>
ERR_SSL_PROTOCOL_ERROR<br>
<br>
- a fork of the latest Pale Moon (Mypal) and an old Palemoon itself
(the last one f. WinXP) gives:<br>
An error occurred during a connection to
<a class="moz-txt-link-abbreviated" href="http://www.3bg.at">www.3bg.at</a>.<br>
Peer’s certificate has an invalid signature.<br>
(Error code: SEC_ERROR_BAD_SIGNATURE)<br>
<br>
what is this strange?<br>
<br>
but what does this mean at the mentioned SSLlabs result:<br>
<br>
<font color="#F88017">Certificate Transparency</font> <font
color="#F88017">No</font><br>
<br>
when I compare to any other site (e.g. my own with Let's encrypt
certificate),<br>
I get<br>
<br>
<font color="green">Certificate Transparency</font> <font
color="green"><b>Yes (certificate)</b></font><br>
<br>
is this caused on my side or on the other side?<br>
<br>
Thanks,<br>
Walter<br>
</body>
</html>