On 14/02/2014 11:35 p.m., Dmitry Melekhov wrote:
> OK, finally, I found that problem is it tls.
>
> As I see in firefox 27.0 tls 1.1 and 1.2 are enabled by default.
>
> So if I change security.tls.version.max from default 3 ( I guess this
> means 1.2 ) to 1 ( 1.0 ? ) site works.
> 2 (1.1? ) doesn't work too.
>From the RFC:
"
This document describes TLS Version 1.2, which uses the version { 3, 3
}. The version value 3.3 is historical, deriving from the use of {3, 1}
for TLS 1.0.
"
... and 1.x and 2.x for the older SSL protocols.
>
> Just because firefox 27.0 works without proxy, I guess there is problem
> with tls 1.1/1.2 in squid.
> I'm right? :-) If yes- is there any way to fix squid?
NO. Squid has nothing to do with the TLS in these requests. All Squid is
doing is relaying the bytes to the web server.
I think the behaviour means the web server only supports SSL, not TLS.
Nasty but it happens sometimes.
Amos
