On 04/23/2015 9:24 am, dweimer wrote:
I upgraded our reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD ports last night. It has broken our Outlook RPC over HTTPS. OWA and phones are still connecting with ActiveSync; it's just the RPC for Outlook Anywhere that is broken. Did anyone else have any issues when upgrading from the 3.4 branch to the 3.5 branch with Outlook RPC?
In case anyone else is having an issue, I found the solution, which also solved a long-standing issue with larger file uploads through OWA/ActiveSync/RPC that we were having. I had to force the cache peer to use SSLv3 instead of TLSv1.0 by adding sslversion=3 to the cache peer line.
cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER login=PASSTHRU front-end-https=on connection-auth=on sslversion=3
The HTTPS port line is still enforcing TLSv1.0 or newer, with restricted ciphers.
https_port 1.1.1.2:443 accel cert=... key=... options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
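An added example, not part of the original post and not Squid's own code: a small Python audit that reads squid.conf text and reports the two cache_peer settings shown above that weaken the proxy-to-Exchange TLS leg (sslversion=3 and sslflags=DONT_VERIFY_PEER), and checks that each https_port line still carries NO_SSLv2 and NO_SSLv3. The sample config is constructed from the two lines in the post with placeholder cert/key paths, and the finding names are hypothetical.

```python
import re

# Constructed sample: the two directives from the post; cert/key paths are placeholders.
SAMPLE_CONF = """\
cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER login=PASSTHRU front-end-https=on connection-auth=on sslversion=3
https_port 1.1.1.2:443 accel cert=/placeholder/cert.pem key=/placeholder/key.pem options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
"""

def parse_args(tokens):
    """Split directive arguments into key=value options and bare flags."""
    opts, flags = {}, set()
    for tok in tokens:
        key, sep, value = tok.partition("=")
        if sep:
            opts[key] = value
        else:
            flags.add(tok)
    return opts, flags

def split_list(value):
    # Assumption: list-valued options are separated by ':' or ','.
    return {item for item in re.split(r"[:,]", value) if item}

def audit(conf_text):
    """Return (line number, peer or listener, finding) tuples for weak TLS settings."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        directive, *args = line.split()
        if not args:
            continue
        opts, flags = parse_args(args)
        if directive == "cache_peer" and "ssl" in flags:
            peer = opts.get("name", args[0])
            if opts.get("sslversion") == "3":  # the post's setting: forces SSLv3
                findings.append((lineno, peer, "peer-forced-sslv3"))
            if "DONT_VERIFY_PEER" in split_list(opts.get("sslflags", "")):
                findings.append((lineno, peer, "peer-cert-not-verified"))
        elif directive == "https_port":
            disabled = split_list(opts.get("options", ""))
            for required in ("NO_SSLv2", "NO_SSLv3"):
                if required not in disabled:
                    findings.append((lineno, args[0], "listener-missing-" + required))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

On the sample, both findings come from the cache_peer line; the https_port line passes because it lists NO_SSLv2 and NO_SSLv3.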