I am running a squid built from source, not ebuild. After upgrading to dev-libs/openssl-0.9.6i-r1 squid is refusing SSL connections, and issuing the following cache.log entry for every attempted connect. Downgrading to dev-libs/openssl-0.9.6i makes the problem go away. Further investigation is in progress.
clientNegotiateSSL: Error negotiating SSL connection on FD 16: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac.
I can reproduce this on another box. Incoming ssh works with rsa and dsa keys, but incoming https to squid fails as described. Further investigation is in progress.
Have you tried to rebuild squid?
Things I have tried that didn't help:
1. last year's expired keys from a different CA
2. recompiling squid
3. backing out our private patches, back to a standard 2.5.stable1
Have raised this on the squid list....
Is this still a problem?
The problem still stands with -r1. I haven't tried -r2; I am still using openssl-0.9.6i. I raised the problem on the squid list, but with no reply. I've seen no mention of this affecting anyone except me, so I think it's safe to leave it marked as resolved.
I've found some time for another look at this. My problem squid is running in a chroot jail. I see the reported problem only if:
1. It is running chroot
2. It is using dev-libs/openssl-0.9.6i-r1 or dev-libs/openssl-0.9.6i-r2
I can make the problem go away by:
a. downgrading to dev-libs/openssl-0.9.6i (as in the original report)
b. not running chroot.
This is very strange. All the files in the jail are synchronised with the real root, and -r1 doesn't change anything that should be relevant to chroot. There is no obvious difference between the two processes, looking in /proc/X/maps and /proc/X/fd.
as requested