Re: Squid 4: Cloudflare SSL connection problem

Yuri Voinov <yvoinov@xxxxxxxxx> · Tue, 12 Apr 2016 21:29:19 +0600



    -----BEGIN PGP SIGNED MESSAGE----- 

    Hash: SHA256 

     
    UPDATE:

    
    Every failed connect produce the next sequence in access.log:

    
    1460474791.631  15444 192.168.100.103 NONE_ABORTED/200 0 CONNECT
    198.41.215.162:443 - ORIGINAL_DST/198.41.215.162 -

    1460474791.658      0 192.168.100.103 NONE/503 3951 GET
    https://www.cloudflare.com/* - HIER_NONE/- text/html

    
    Note: 198.41.215.162 is current cloudflare.com IP.

    
    Also: NONE_ABORTED/200 is often occurs in access.log with another
    accessible sites.

    
    12.04.16 20:03, Yuri Voinov пишет:

    >

      > UPDATE:

      >

      > https://i1.someimage.com/b8w5dFz.png

      >

      > This is answer from Cloudflare support.

      >

      > But: 3.5.16 can deal with ECDSA TLS 1.2 but 4.0.8 not?

      >

      > 12.04.16 17:55, Yuri Voinov пишет:

      > > Does anybody faces this problem with 4.0.8:

      >

      > > https://i1.someimage.com/3lD2cvV.png

      >

      > > ?

      >

      > > It accomplished this error in cache.log:

      >

      > > 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD
      54:

      > error:00000000:lib(0):func(0):reason(0) (5/0/0)

      >

      > > and "NONE/503" in access.log.

      >

      > > Without proxy works like sharm. 3.5.16 with the similar
      squid.conf

      > works like sharm.

      >

      > > NB: Cloudflare support said, that they key feature for
      SSL is SNI and

      > ECDSA now. AFAIK, 4.0.8 is fully supports this features.

      >

      > > Any advice will be helpful.

      >

      > > Yes, I know this looks like DDoS protection on
      Cloudflare. But WTF?

      > Any workaround required. Half-Internet is hosted on
      Cloudflare.

      >

      > > WBR, Yuri

      >

      >

    
    -----BEGIN PGP SIGNATURE-----


    Version: GnuPG v2


    iQEcBAEBCAAGBQJXDRRPAAoJENNXIZxhPexGmZcIAI1gcVCHUjCrDk0vI/f7omMP


    ALa5XYk0VrsoOioc5cIh0DuIRN8THqkdXxtRXdKnxC8hgRfvOxN6h7NFilZhVAiT


    tvgQkmKxAXXkCXik03AYU5DBoElMDcCgznksAxcckvXGCyWxN7pFwSY2p87WPHa/


    5G/K5BTG1rf30OjVYIMPRtsfkHyA5xWIPNHKcbu6bCsV7H+oXh8x8oCNHdF06Q1i


    s3U1kiFEudOKC1bMGVY4RJlzqDgGdANsHMSh0/v3rS4it5KBFxPsuz/DDcU1DlkO


    MIEMF7FgvxORtgBZPUnxa+sF5gunZqDuv2R2aJuxJpYK2OriOC7+e40dZiw7xpQ=


    =/LGq


    -----END PGP SIGNATURE-----


Attachment:
0x613DEC46.asc

Description: application/pgp-keys
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users