
Re: ssl_bump problems with pypi servers


 



On 5/26/20 7:43 PM, hanxie wrote:

> The problem is that occasionally requests to "https://pypi.org" will
> time out.

I believe you are dealing with a TLS v1.3 server. TLS v1.3 fakes its
handshakes to pretend that they are TLS v1.2 handshakes. However, IIRC,
those fake handshakes do not end with a plain text ServerHelloDone
message like TLS v1.2 handshakes do. Squid v4.9 will wait for that plain
text ServerHelloDone which will never come from (some?) TLS v1.3
servers, leading to a timeout.

TLS v1.3-related improvements are currently available in Squid v5
(commit 4d714a3) or master/v6 (commits 699ade2 and cd29a42). The
corresponding v4 change is coming via
https://github.com/squid-cache/squid/pull/648

I do not know whether those changes will solve your specific problem,
but trying them could be the best next step.


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
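
The handshake difference described in the reply above can be seen by parsing a server's first flight. This is an added example, not part of the original message and not Squid code; the function names are hypothetical and both flights are constructed byte strings, not captures from pypi.org.

```python
import struct
HANDSHAKE, SERVER_HELLO, SERVER_HELLO_DONE, EXT_SUPPORTED_VERSIONS = 22, 2, 14, 43

def handshake_messages(flight):
    """Yield (type, body) for handshake messages carried in plaintext records."""
    buf, pos = b"", 0
    while pos + 5 <= len(flight):                     # TLS record: type, version, length
        ctype, _ver, length = struct.unpack_from("!BHH", flight, pos)
        if ctype == HANDSHAKE:                        # skip CCS (20) and encrypted (23)
            buf += flight[pos + 5:pos + 5 + length]
        pos += 5 + length
    pos = 0
    while pos + 4 <= len(buf):                        # handshake: type, 24-bit length
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        yield buf[pos], buf[pos + 4:pos + 4 + length]
        pos += 4 + length

def negotiated_version(hello):
    """supported_versions extension wins over legacy_version (always 0x0303 in 1.3)."""
    version = int.from_bytes(hello[:2], "big")
    pos = 2 + 32                                      # legacy_version + random
    pos += 1 + hello[pos] + 2 + 1                     # session_id, cipher, compression
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        etype, elen = struct.unpack_from("!HH", hello, pos)
        if etype == EXT_SUPPORTED_VERSIONS and elen == 2:
            version = int.from_bytes(hello[pos + 4:pos + 6], "big")
        pos += 4 + elen
    return version

def inspect_flight(flight):
    """Return (negotiated version, True if a plaintext ServerHelloDone is present)."""
    msgs = list(handshake_messages(flight))
    hello = next(body for mtype, body in msgs if mtype == SERVER_HELLO)
    return negotiated_version(hello), any(t == SERVER_HELLO_DONE for t, _ in msgs)

# Constructed sample flights (zeroed random, dummy certificate and ciphertext).
def _rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
def _hs(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _hello(cipher, exts=b""):
    return _hs(2, b"\x03\x03" + bytes(32) + b"\x00" + cipher + b"\x00"
               + len(exts).to_bytes(2, "big") + exts)

TLS12_FLIGHT = _rec(22, _hello(b"\xc0\x2f") + _hs(11, bytes(3)) + _hs(14, b""))
TLS13_FLIGHT = (_rec(22, _hello(b"\x13\x01", b"\x00\x2b\x00\x02\x03\x04"))
                + _rec(20, b"\x01") + _rec(23, bytes(40)))
```

In the TLS v1.3 flight the only plaintext handshake message is the ServerHello; everything after the compatibility ChangeCipherSpec arrives in encrypted records, so a parser waiting for message type 14 never sees it.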



