On 22 Sep 2019, at 14:41, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 9/22/19 9:18 AM, Nikolaus wrote:The access.log contains error code / detail "ERR_SECURE_CONNECT_FAIL /
SQUID_ERR_SSL_HANDSHAKE" - which is not too helpful - but the cache.log
contains the more detailed "ERROR: negotiating TLS on FD 19:
error:1425F175:SSL routines:ssl_choose_client_version:inappropriate
fallback (1/-1/0)".
Is a TLS fallback prevention mechanism kicking in by error? If so, how
to fix it?
I do not know the answers to your questions, but I am sure that it ispossible to figure it out by looking at either packet captures ordetailed debugging logs. Unfortunately, I do not have enough free timeto guide you through this triage. There were several similar complainsabout "inappropriate fallback" errors on this list recently. I wouldstart by revisiting those threads for more clues.Alex
Unfortunately we have not been able to work out the inappropriate fallback issue described http://lists.squid-cache.org/pipermail/squid-users/2019-September/021047.html. If you do fix your issue, please do share. John |
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
