Search squid archive

Re: squid reverse proxy (accelerator) for MS Exchange OWA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/25/2017 12:45 AM, Vieri wrote:
> From: Alex Rousskov
>> The peer at 10.215.144.21:443 accepted Squid connection and then closed
>> it, probably before sending anything to Squid

> It seems that Squid delegates SSL to OpenSSL and it's really too bad
> the latter can't be a little bit more verbose. I know this isn't the
> right list for this but couldn't OpenSSL simply have logged something
> regarding "unsupported TLS/SSL versions"? 

If my reconstruction of the events was correct, then OpenSSL supplied as
much information as it could -- the "unsupported TLS/SSL versions" is
_your_ conclusion based on the information that neither Squid nor
OpenSSL had access to.


> I'm only supposing that
> without the ssloptions I posted above, openssl will try TLS 1.2 and
> silently fail if that doesn't succeed.

It takes two to tango. How silent that failure is depends, in part, on
the server. AFAICT, your server was 100% silent about the reason behind
its abrupt connection closure, and OpenSSL correctly declined to
speculate about those reasons due to lack of info. From OpenSSL/client
point of view, it could have been anything from an unsupported TLS
version to a crashed server.

Glad you figured it out!

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux