> On 23 Apr 2015, at 4:21 pm, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > On 23/04/2015 6:29 p.m., Michael Hendrie wrote: >> Hi All >> >> I’ve been running squid-3.4.x in tproxy mode with ssl_bump >> server-first for some time and has been working great. >> >> I have just moved to 3.5.3 to use peek to overcome some issues with >> sites that require SNI to serve up the correct certificate. In most >> cases this is work well however I seem to have an issue that (so far) >> only effects the Safari web browser with certain sites. As an >> example, https://twitter.com <https://twitter.com/> and >> https://www.openssl.org <https://www.openssl.org/> will result in a >> Safari error page “can’t establish a secure connection with the >> server”. There is also a correlating entry in the cache.log 'Error >> negotiating SSL connection on FD 45: error:140A1175:SSL >> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback (1/-1)’ > > Please try the latest snapshot of 3.5 series. There are some TLS session > resume and SNI bug fixes. Thanks Amos, but I did try squid-3.5.3-20150420-r13802 before posting….any other suggestions? Michael _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
