On 01/25/2017 12:45 AM, Vieri wrote: > From: Alex Rousskov >> The peer at 10.215.144.21:443 accepted Squid connection and then closed >> it, probably before sending anything to Squid > It seems that Squid delegates SSL to OpenSSL and it's really too bad > the latter can't be a little bit more verbose. I know this isn't the > right list for this but couldn't OpenSSL simply have logged something > regarding "unsupported TLS/SSL versions"? If my reconstruction of the events was correct, then OpenSSL supplied as much information as it could -- the "unsupported TLS/SSL versions" is _your_ conclusion based on the information that neither Squid nor OpenSSL had access to. > I'm only supposing that > without the ssloptions I posted above, openssl will try TLS 1.2 and > silently fail if that doesn't succeed. It takes two to tango. How silent that failure is depends, in part, on the server. AFAICT, your server was 100% silent about the reason behind its abrupt connection closure, and OpenSSL correctly declined to speculate about those reasons due to lack of info. From OpenSSL/client point of view, it could have been anything from an unsupported TLS version to a crashed server. Glad you figured it out! Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
