
Re: Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients


 



On 9/20/19 10:53 AM, Nikolaus wrote:

> If server and squid use TLS 1.3, but client only supports TLS 1.2: The
> client terminates the connection due to certificate verification errors.
> 
> I have had a look at what happens at TLS protocol level using wireshark,
> and it seems that in the latter case, squid - for some reason - performs
> (something similar to) bumping instead of splicing!

Bumping happens when a splicing Squid wants to report an SslBump-related
error to the client.


> How can I get the splicing setup working when mixing TLS 1.3 servers and
> TLS 1.2 clients?

I do not know the exact answer to that question, but I would start by
figuring out what error Squid is trying to serve to the client. You may
be able to figure it out by looking at the corresponding access.log
records, especially if you log %err_code and %err_detail. In the worst
case, enabling and looking at debugging info in cache.log may be
necessary, but I would start with access.log anyway.

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
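
The access.log step suggested in the reply above, as an added example that is not part of the original message or of the Squid project's own code: a small Python parser that pulls out the transactions where Squid recorded an error. The format name `sslbump_diag`, the column order, the extra columns beside `%err_code` and `%err_detail`, and the sample records are assumptions made for this example.

```python
# Added example. Assumes squid.conf logs with a custom format such as
# (the name "sslbump_diag" and the column choice are hypothetical):
#   logformat sslbump_diag %ts.%03tu %>a %ssl::bump_mode %ssl::>sni %Ss/%03>Hs %err_code %err_detail
#   access_log daemon:/var/log/squid/access.log sslbump_diag
from collections import Counter

# Column names matching the assumed logformat above, in order.
FIELDS = ("time", "client", "bump_mode", "sni", "status", "err_code", "err_detail")

# Constructed sample records, chosen only to exercise the parser.
# They are not output captured from the setup discussed in the thread.
SAMPLE_LOG = """\
1568991180.123 192.0.2.10 splice tls12.example.net TCP_TUNNEL/200 - -
1568991181.456 192.0.2.11 splice tls13.example.org NONE/200 ERR_SECURE_CONNECT_FAIL SQUID_X509_V_ERR_DOMAIN_MISMATCH
1568991185.789 192.0.2.11 splice tls13.example.org NONE/200 ERR_SECURE_CONNECT_FAIL SQUID_X509_V_ERR_DOMAIN_MISMATCH
truncated line
"""


def parse_line(line):
    """Split one record into named fields; return None if it does not fit."""
    # err_detail is the last column, so it keeps any embedded whitespace.
    parts = line.split(None, len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def error_records(text):
    """Return the records where Squid logged an error (err_code is not '-')."""
    records = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["err_code"] != "-":
            records.append(rec)
    return records


def summarize(text):
    """Count (SNI, err_code, err_detail) combinations across error records."""
    return Counter(
        (r["sni"], r["err_code"], r["err_detail"]) for r in error_records(text)
    )


if __name__ == "__main__":
    for (sni, code, detail), count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {sni}  {code}  {detail}")
```

Grouping by SNI shows which destinations trigger the error response, which narrows down what to look for in cache.log if debugging is still needed.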



