Hi Vieri, Squid 4 fixes it, in my case. Same config, same system. Regards, Marc On Thu, Oct 6, 2016 at 11:00 PM, Marc <gaardiolor@xxxxxxxxx> wrote: > Hi Viery, > > Sorry, copy/paste error, my bad. Please try: > > openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher > RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA > < <(echo -e "GET / HTTP/1.1\nHost: www.google.com\n\n") > That one fails (at least with me). Squid replies with 503 Service > unavailable, SQUID_ERR_SSL_HANDSHAKE . > > Now adding a random extension: > openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher > RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA > -serverinfo 12345 < <(echo -e "GET / HTTP/1.1\nHost: > www.google.com\n\n") > That one succeeds (302 Found). At least with me. The extension doesn't > have to be 12345, some regular ones do the trick as well. But openssl > doesn't always include the existing ones correctly, so I used the > dummy. > > Please let me know. If adding a random extension fixes the error with > you too, well.. It could be a step in the right direction towards > finding the cause of this problem. > > Marc _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
