that's a broken server the initial client hello handshake to be SSL2
compatible, but then requires immediate protocol upgrade to SSL3 or
TLSv1, but fails if the initial handshake is SSL3 or TLSv1. OpenSSL in
somewhat current versions by default disable all use pf SSLv2 due to
numerous weaknesses in the SSLv2 protocol and is as result normally
sending an SSL3 client hello handshake.
It's likely to hit problems some newer browsers as well, as SSL/TLS
security is being tightened up.
A workaround is to set ciphers to 'ALL:!COMPLEMENTOFDEFAULT' which
somehow magically enables SSLv2 again. But it's not a very good idea as
it may also enable some SSLv2 related attacks.
Regards
Henrik
Henrik,
I have tried adding the line "sslproxy_cipher ALL:!COMPLEMENTOFDEFAULT"
instead of specifying it in the http_port line.
It's still failing negotiation on the abbeynational request.
Any help would be much appreciated.
Thanks
Alex
