
Re: SQUID 4.12 (Debian 10, OpenSSL 1.1.1d) - SSL bump no server hello


 




Sent from my alcatel U5
On 17/06/2020 09:36, Lukáš Loučanský wrote:


> But - according to 
> https://github.com/squid-cache/squid/commit/eec67f04490a477d69891c8b05a94bea05e5efbf 
> GREASE - as unknown extensions is meant to be ignored (?). The same said here 
> https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/d_f6higCJzc 
> But - these information are years old - so I guess squid already does the 
> right thing.
>

This is not a safe assumption. Squid tries to use the TLS library for as much as possible, but there are many bits like extension handling which have to be rewritten for SSL-Bump to work. Those are all recent code additions.


> Anyway - with debug_options ALL,1 83,2:
>
> 2020/06/16 23:24:34.831 kid2| 83,2| client_side.cc(3180) 
> parseTlsHandshake: error on FD 22: check failed: vMajor == 3
>     exception location: Handshake.cc(119) ParseProtocolVersion
>

That is somewhat useful. TLS version being received is not valid.


Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
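
Added example, not part of the original message and not Squid's own code: a small Python triage function for the `vMajor == 3` failure logged above. It inspects the first bytes a client sent to the SSL-Bump port and reports which version fields carry a major byte other than 3; the function name, result keys and sample byte strings are constructed for illustration.

```python
# Added example: not Squid's parser. Names and sample bytes are constructed.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"CONNECT ", b"OPTIONS ")
TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data

def classify(data: bytes) -> dict:
    """Describe the first bytes of a connection; 'ok' means every major version byte is 3."""
    if len(data) < 5:
        return {"kind": "incomplete", "ok": False}
    if data.startswith(HTTP_METHODS):
        # Plaintext HTTP sent to a TLS port: ASCII where a record header is expected.
        return {"kind": "plain-http", "ok": False}
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 2-byte length with high bit set, msg type 1, then version.
        return {"kind": "sslv2-format-hello", "version": (data[3], data[4]),
                "ok": data[3] == 3}
    if data[0] not in TLS_CONTENT_TYPES:
        return {"kind": "not-tls", "ok": False}
    result = {"kind": "tls-record", "record_version": (data[1], data[2]),
              "ok": data[1] == 3}
    # Handshake record holding a ClientHello: msg type(1) + length(3) + legacy_version(2).
    if data[0] == 22 and len(data) >= 11 and data[5] == 0x01:
        result["hello_version"] = (data[9], data[10])
        result["ok"] = result["ok"] and data[9] == 3
    return result

# Constructed samples (truncated to the header bytes the function reads).
SAMPLES = {
    "tls12_hello": bytes.fromhex("1603010200" "010001fc" "0303"),
    "bad_major": bytes.fromhex("1602000200" "010001fc" "0200"),
    "sslv2_format": bytes.fromhex("802e010301"),
    "plain_http": b"CONNECT example.com:443 HTTP/1.1\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify(raw))
```

Feeding it the leading bytes from a packet capture of the failing connection shows whether the client sent a TLS record at all before looking further at extension handling.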



