On 15/04/2016 6:31 a.m., Yuri Voinov wrote:
>
> Ok, nobody.
>
> Well.
>
> I've done my own research.
>
> My suggestions:
>
> CloudFlare now uses its own custom OpenSSL 1.0.2 with very custom
> patches with CHACHA Poly support.
>
> These patches are not in upstream. Moreover, the OpenSSL team has no plans
> in the foreseeable future to support the latest ciphers.
>
> So, Squid 4 can't handshake TLS with CF right now. Possibly it is a Squid
> 4.x branch bug, because 3.5.x does handshake with CF.
>
> LibreSSL does CHACHA right now.
>
> The question is:
>
> Amos, can Squid support LibreSSL and, if not, when do you plan to support it?

Yes, Squid does support LibreSSL. You can build against it with the
--with-openssl configure option, maybe using a =path parameter to ensure
it doesn't find an OpenSSL install.

The difference between LibreSSL and OpenSSL is likely to be more visible
in the squid.conf settings that it will accept and those that it
rejects. They are still basically the same, but I know that the LibreSSL
guys are being very proactive in removing old things like SSLv2 support.
So those config options won't work even when Squid-3.5 normally would
accept them with OpenSSL.

Amos