Search squid archive

Re: SSL bump fails accessing .gov.uk servers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Steve,

On Fri, Oct 31, Steve Hill wrote:

> This is probably not a problem with Squid, but I'm posting here in the
> hope that someone may have more clue than me when it comes to SSL :)

...

> If I force openssl into TLS1 mode (with the -tls1 argument) then it
> works fine.  TLS 1.1 and 1.2 both fail.  However, shouldn't openssl be
> negotiating the highest TLS version supported by both server and client?

but when the server is broken, it will not work.
Have a look at:

https://www.ssllabs.com/ssltest/analyze.html?d=www.taxdisc.service.gov.uk

> It works correctly when FireFox connects directly to the web server
> rather than going through the proxy.

yes the browsers have a workaround and try with different cipher suites,
when the first connect fails.

> So my question is: is the web server broken, or am I misunderstanding
> something?

The webserver is broken.


-- 
Regards.

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux