-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/10/2014 1:30 p.m., Robert Watson wrote: > I believe my problem relates to a previous post regarding TLS > fallback > <http://www.mail-archive.com/squid-users%40squid-cache.org/msg95916.html> > in the squid-users list. Has there been any progress with sslbump > and tls fallback to tls1.0 if tls1.2/tls1.1 fails? > Not specifically that I'm aware of. With TLS version selection should be automatic - provided both endpoints support at least one TLS version. The complications come in when SSLv3 gets involved, since it has a different handshake syntax and various clients/servers have some fancy failover dances perform with various amounts of bugs. You may want to also try 3.5.0.1 when it becomes available in ~3 hrs. The peek-n-splice feature there should have much better TLS behaviour than the older ssl-bump designs. No guarantees though. Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUQHgiAAoJELJo5wb/XPRjah4H/jE4WxbJJeDfHjSHVccHpApY rIXd82XRTD0wJ5aGIqCxuL/X3VMf+WPqSvLPP6KGJXVC5TmMy6edsYMY9Mr9p7+7 3l+lt6IUwE1w3r6os2jvywoyiwSDI1DPiKSJ9OKh/gMS6w+8VuOMDlkEU4NEB0qb 1vOmRj+vboha97xZ8OdbgVCimUZq1tFknlhxRl1x4Dfzaf/4Bai+Y42yWSwKl5Y3 V15ML3RE7sAqRuRj9+n8pSXAHi0G9NBghpODYVoBWvXip0rkVnDNbgdILZa7Xh1f OQo9EFbc//xD4OlxCoe0UB1OndilUIgLFUYKWYfqruOABCUG3kL4aa0VEzQDrNc= =anIc -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
