Thanks Amos, good to know. I didn’t see your original reply for some reason; sorry about that. I thought I had read that these sort of errors could be avoided in Squid-4: Error negotiating SSL connection on FD 66: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1) But now I can’t even a source for that … I need to spend some quality time with Google I think. > On 24 Feb 2016, at 5:50 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > On 23/02/2016 1:05 p.m., Dan Charlesworth wrote: >> I'm bumping this question back up, because I also would like to know. >> >> We'd rather not need users of our squid-based software to need to deploy >> new CentOS 7 servers to run it. >> > > My reply to Jason on the 12th has not changed. A full system upgrade > should not be required, just a parallel compiler installation, or VM for > testing with if you do want to go the whole way. > > While there are a lot of TLS/SSL related patches going into Squid-4, the > one that stick there should largely be cosmetic code shuffling or > renaming for later improvements. We are trying to get the bug fixes > backported to 3.5 still. If you are aware of one that got missed and is > causing pain please let us/Christos know. > >> >> On 12 February 2016 at 19:59, Jason Haar wrote: >> >>> Hi there >>> >>> Given the real work on ssl-bump seems to be in squid-4, I thought to try >>> it out. Unfortunately, we're using CentOS-6 and the compilers are too >>> old? (gcc-c++-4.4.7/clang-3.4.2) >>> >>> CentOS-7 should be fine - but replacing an entire system just to have a >>> play is a bit too much to ask, so has anyone figured out how to get >>> squid-4 working on such older systems? >>> > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
