Finally.

1. Squid 4 can be built with LibreSSL.
2. Squid 4 with LibreSSL starts supporting CHACHA20_POLY1305 cryptography.
3. Squid 4 with LibreSSL still can't connect with CloudFlare itself.

WBR, Yuri.

PS. I suggest a bug in the 4.x branch specific to the CF handshake.

15.04.16 0:31, Yuri Voinov wrote:
> Ok, nobody.
>
> Well.
>
> I've done my own research.
>
> My suggestions:
>
> CloudFlare now uses its own custom OpenSSL 1.0.2 with very custom patches with CHACHA Poly support.
>
> These patches are not in upstream. Moreover, the OpenSSL team has no plans in the foreseeable future to support the latest ciphers.
>
> So, Squid 4 can't handshake TLS with CF right now. Possibly it is a Squid 4.x branch bug, because 3.5.x does the CF handshake.
>
> LibreSSL does CHACHA right now.
>
> The question is:
>
> Amos, can Squid support LibreSSL and, if not, when do you plan to support it?
>
> 14.04.16 20:38, Yuri Voinov wrote:
> > Any ideas?
> >
> > Anybody?
> >
> > 13.04.16 2:37, Yuri Voinov wrote:
> > > I suggest the matter may be openssl, not the OS:
> > >
> > > root @ cthulhu /patch # openssl version -a
> > > OpenSSL 1.0.1s 1 Mar 2016
> > > built on: Tue Mar 1 15:42:26 2016
> > > platform: solaris64-x86_64-cc-sunw
> > > options: bn(64,64) rc4(16x,int) des(ptr,cisc,16,int) idea(int) blowfish(ptr)
> > > compiler: /opt/solarisstudio12.4/bin/cc -I. -I.. -I../include -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/64/libpkcs11.so" -DHAVE_ISSETUGID -DAV_SPARC_FJAES=0 -xO3 -m64 -xstrconst -Xa -DL_ENDIAN -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
> > > OPENSSLDIR: "/etc/opt/csw/ssl"
> > >
> > > 13.04.16 2:29, Yuri Voinov wrote:
> > > > root @ cthulhu /patch # dig www.cloudflare.com
> > > >
> > > > ; <<>> DiG 9.6-ESV-R11-P4 <<>> www.cloudflare.com
> > > > ;; global options: +cmd
> > > > ;; Got answer:
> > > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32548
> > > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> > > >
> > > > ;; QUESTION SECTION:
> > > > ;www.cloudflare.com. IN A
> > > >
> > > > ;; ANSWER SECTION:
> > > > www.cloudflare.com. 86400 IN A 198.41.214.162
> > > > www.cloudflare.com. 86400 IN A 198.41.215.162
> > > >
> > > > ;; Query time: 538 msec
> > > > ;; SERVER: 127.0.0.1#53(127.0.0.1)
> > > > ;; WHEN: Wed Apr 13 02:28:34 ALMT 2016
> > > > ;; MSG SIZE rcvd: 68
> > > >
> > > > root @ cthulhu /patch # uname -a
> > > > SunOS cthulhu 5.10 Generic_150401-30 i86pc i386 i86pc Solaris
> > > >
> > > > But I think the OS does not matter here.
> > > >
> > > > 13.04.16 2:02, Eliezer Croitoru wrote:
> > > > > What does "dig www.cloudflare.com" result in?
> > > > >
> > > > > Also, what OS are you using? I am using CentOS 7 up to date...
> > > > >
> > > > > Eliezer
> > > > >
> > > > > On 12/04/2016 21:39, Yuri Voinov wrote:
> > > > > > root @ cthulhu /patch # openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect www.cloudflare.com:443
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
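
An added example, not part of the original message or of Squid: an offline check of whether the local TLS library, restricted by an OpenSSL cipher string such as the one passed to `openssl s_client -cipher` in the thread, has any suite in common with a server's accepted list. The two server lists are constructed for illustration and are not CloudFlare's actual configuration; the function names are hypothetical.

```python
import ssl

def offered_suites(cipher_string):
    """Suite names the local TLS library would offer for an OpenSSL
    cipher string (same syntax as `openssl s_client -cipher`)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # The library build knows no suite matching the string.
        return []
    return [c["name"] for c in ctx.get_ciphers()]

def shared_suites(cipher_string, server_suites):
    """Suites both sides support, in the local library's order.
    An empty list means no cipher can be negotiated."""
    server = set(server_suites)
    return [n for n in offered_suites(cipher_string) if n in server]

def report(cipher_string, server_suites):
    """Summarise the overlap together with the library version in use."""
    shared = shared_suites(cipher_string, server_suites)
    return {
        "library": ssl.OPENSSL_VERSION,
        "client_string": cipher_string,
        "shared": shared,
        "handshake_possible": bool(shared),
    }

# Constructed server-side lists (assumptions for the example only).
SERVER_CHACHA_ONLY = ["ECDHE-ECDSA-CHACHA20-POLY1305"]
SERVER_MIXED = ["ECDHE-ECDSA-CHACHA20-POLY1305",
                "ECDHE-ECDSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    client = "ECDHE-ECDSA-AES128-GCM-SHA256"
    for label, server in (("chacha-only", SERVER_CHACHA_ONLY),
                          ("mixed", SERVER_MIXED)):
        print(label, report(client, server))
```

Running the same check with the cipher string set to `ECDHE-ECDSA-CHACHA20-POLY1305` shows whether the linked library build includes ChaCha20-Poly1305 at all.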