Hi Steve, On Fri, Oct 31, Steve Hill wrote: > This is probably not a problem with Squid, but I'm posting here in the > hope that someone may have more clue than me when it comes to SSL :) ... > If I force openssl into TLS1 mode (with the -tls1 argument) then it > works fine. TLS 1.1 and 1.2 both fail. However, shouldn't openssl be > negotiating the highest TLS version supported by both server and client? but when the server is broken, it will not work. Have a look at: https://www.ssllabs.com/ssltest/analyze.html?d=www.taxdisc.service.gov.uk > It works correctly when FireFox connects directly to the web server > rather than going through the proxy. yes the browsers have a workaround and try with different cipher suites, when the first connect fails. > So my question is: is the web server broken, or am I misunderstanding > something? The webserver is broken. -- Regards. Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
