On 30/09/2016 11:23 a.m., Eliezer Croitoru wrote: > Hey Vieri, > > Just as a tiny reply I must admit that it's expected. > What you see is the result of squid and it's ssl stack support the goal of a minimum specific version of ssl encrypted connections. > I am not sure but there might be a way to make it all work for these clients. > Have you tried search the squid-cache lists using google\yahoo\bing\other? Small correction. It is the "Handshake with SSL server failed" (note "server"). After several years of ciphers and SSLv2/v3 protocol things being found to be badly insecure and removed from browser and servers all over the place. It is indeed expected. Firefox works because Mozilla have their own SSL/TLS library built into the browser with modern capabilities. IE uses the WinXP one which is no longer compatible with most of the Internet servers. Squid mimics the client details when contacting the server. So you would get the same problem (though maybe different description) if going directly without the proxy. To get around this you require the latest Squid version (with peek-and-splice feature) doing the "bump" action on these clients traffic so that it can upgrade the TLS/SSL handshake and use some ciphers etc the server will accept on their connections. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
