-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13/11/2014 3:22 p.m., Jason Haar wrote: > On 13/11/14 15:04, Amos Jeffries wrote: >> Sounds to me like they are using SSLv3 in their server. > > Yes but "openssl s_client -tls1" also works, it just appears that > openssl cannot negotiate it - it has to be hardwired > >> Lookup "SSLv3 POODLE" for what is happening in that area. > > I thought it would be related, so it appears the newest version of > openssl cannot talk to some servers that "only" support TLSv1.0? That > doesn't sound right... If the server responds to either the -ssl3 option or the -tls1 option then it is performing some form of SSLv3 / TLS1.0 compatibility logics. Which are probably screwed up when SSLv3 disappears out of the equation. > > But as you say, once the browsers start breaking, I bet sites will > rapidly get upgraded. Hard to believe, but right now the Bank of New > Zealand doesn't support TLSv1.1, let alone TLSv1.2! Following along in the footsteps of the UK tax dept. They hit this last week. :-) Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUZBlRAAoJELJo5wb/XPRjcX8IANycoz70clz5mjhcMgwxABaa 33i4HrMciwhQU+AtgK22COd4OxK/L2GGFCV6Aapa4xcggsvVQ7B7BvcSSdAX3woF ubhAhQOBc3NY5ZykDDSXnfVUfLIwfkB5xH225wTAmUZM4AWLk4QE/BrH7Q8qUGzh 6pBzlCetI3GqoHPtKCrQPuBt7t4zoAwRPvE23PWSxcwygdIJuUgQN1ZTcjdiGNcm BqW3LxkNTFqE2w5RLaQmLpfD6vOH+CZyrTwW9INOb3vVqsUw2oj2DHPQUoRBvb6x ZhGjnoQ+ta/sRNsbdUL6qVexXcf/+loVRHkhwgmhvIPXHhXrzrYzVsnmvmgKL9s= =4k9a -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
