Hi there I just found I cannot connect to https://www.bnz.co.nz/ using curl on Ubuntu (7.35 compiled against openssl-1.0.1f), whereas https://www.kiwibank.co.nz/ works fine. I first thought it was due to my messing around with ssl-bump, but it happens when I don't go through squid too I have a CentOS-6 server with curl-7.19 (compiled against 1.0.1e) and it works fine. The same happens with "openssl s_client": it works on CentOS but not on Ubuntu - so I think it's the root cause (unless I call it with either "-ssl3" or "-tls1" - explicitly asking for protocols seems to get around the issue with 1.0.1f). It looks like www.bnz.co.nz doesn't negotiate SSL/TLS correctly? Any SSL guru out there willing to explain why newer command line tools don't like www.bnz.co.nz (whereas browsers do - but I hear it's because they "double try" in certain error conditions and basically workaround this kind of issue) Thanks -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
