----- Original Message -----
From: Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>
>
> The peer at 10.215.144.21:443 accepted Squid connection and then closed
> it, probably before sending anything to Squid
Thanks Alex.
I was lucky enough to try the following options in cache_peer:
ssloptions=NO_SSLv3,NO_SSLv2,NO_TLSv1_2,NO_TLSv1_1
This solves the issue. I understand it forces using TLS 1.0. In fact, the OWA origin server is a Windows server 2003 and only supports SSLv{2,3} and TLS 1.0.
It seems that Squid delegates SSL to OpenSSL and it's really too bad the latter can't be a little bit more verbose. I know this isn't the right list for this but couldn't OpenSSL simply have logged something regarding "unsupported TLS/SSL versions"? I'm only supposing that without the ssloptions I posted above, openssl will try TLS 1.2 and silently fail if that doesn't succeed.
Regardless, it all seems to be working now, even with Squid 3.5.14.
Thanks again,
Vieri
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
