OK, finally, I found that problem is it tls.
As I see in firefox 27.0 tls 1.1 and 1.2 are enabled by default.
So if I change security.tls.version.max from default 3 ( I guess this
means 1.2 ) to 1 ( 1.0 ? ) site works.
2 (1.1? ) doesn't work too.
Just because firefox 27.0 works without proxy, I guess there is problem
with tls 1.1/1.2 in squid.
I'm right? :-) If yes- is there any way to fix squid?
Thank you!
14.02.2014 14:15, Dmitry Melekhov пишет:
14.02.2014 14:00, Dmitry Melekhov пишет:
Hello!
I run squid 3.4.3.
Users complained they can't connect to following url:
https://kz.grfc.ru/portal/faces/app/materials/active.jspx
I tried to reproduce this and it is always reproducable.
I get - connection was terminated ( back translation from russian )
in firefox 27.0.
This is what I see in squid log:
1392371365.469 47 192.168.22.229 TCP_MISS/200 7 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
If I connect site directly (i.e. just over nat, no proxy) - it works
with the same firefox version.
Surprisingly ( I tried this on windows) it works with IE:
1392371835.532 130 192.168.22.111 TCP_MISS/200 26597 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
1392371835.620 76 192.168.22.111 TCP_MISS/200 602 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
1392371835.645 102 192.168.22.111 TCP_MISS/200 10543 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
1392371835.724 78 192.168.22.111 TCP_MISS/200 3354 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
1392371835.752 129 192.168.22.111 TCP_MISS/200 17145 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
1392371835.805 78 192.168.22.111 TCP_MISS/200 655 CONNECT
kz.grfc.ru:443 dm HIER_DIRECT/194.165.22.130 -
Just because it works on firefox 27.0 directly I guess this is some
incompatibilty between squid and firefox.
Could you tell what can I do to solve this?
Thank you!
btw, just tested firefox 24.3.0.
It works. Just curious, what can prevent 27.0 to work over proxy....
Thank you!
