On 17/06/2020 09:36, Lukáš Loučanský wrote:
> But - according to
> https://github.com/squid-cache/squid/commit/eec67f04490a477d69891c8b05a94bea05e5efbf
> GREASE - as unknown extensions is meant to be ignored (?). The same said here
> https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/d_f6higCJzc
> But - this information is years old - so I guess squid already does the
> right thing.
>

This is not a safe assumption. Squid tries to use the TLS library for as much as possible, but there are many bits like extension handling which have to be rewritten for SSL-Bump to work. Those are all recent code additions.

> Anyway - with debug_options ALL,1 83,2:
>
> 2020/06/16 23:24:34.831 kid2| 83,2| client_side.cc(3180)
> parseTlsHandshake: error on FD 22: check failed: vMajor == 3
> exception location: Handshake.cc(119) ParseProtocolVersion
>

That is somewhat useful. TLS version being received is not valid.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
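
The two points in the message above, the `vMajor == 3` check from the log and GREASE extension values, shown as an added example that is not part of the original thread and is not Squid's code. It walks a constructed ClientHello, rejects a major version other than 3, and flags GREASE extension types (the RFC 8701 value pattern) while skipping over them; all function names and the sample bytes are assumptions made for illustration.

```python
import struct

class TlsParseError(ValueError):
    """Raised when the bytes do not look like a TLS ClientHello."""

def is_grease(value):
    # RFC 8701 reserves 0x0A0A, 0x1A1A, ... 0xFAFA for GREASE.
    return (value >> 8) == (value & 0xFF) and (value & 0x0F) == 0x0A

def check_version(major, minor, where):
    # SSLv3 and every TLS version use major version 3 on the wire.
    if major != 3:
        raise TlsParseError(f"{where}: check failed: vMajor == 3 (got {major})")
    return (major, minor)

def parse_client_hello(data):
    """Return (record_version, hello_version, [(ext_type, is_grease), ...])."""
    try:
        ctype, rmaj, rmin, rlen = struct.unpack_from("!BBBH", data, 0)
        if ctype != 22:
            raise TlsParseError(f"content type {ctype} is not handshake (22)")
        rec_ver = check_version(rmaj, rmin, "record")
        body = data[5:5 + rlen]
        if body[0] != 1:
            raise TlsParseError("handshake message is not a ClientHello")
        pos = 4                                    # type (1) + length (3)
        hello_ver = check_version(body[pos], body[pos + 1], "ClientHello")
        pos += 2 + 32                              # version + random
        pos += 1 + body[pos]                       # session id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher suites
        pos += 1 + body[pos]                       # compression methods
        exts = []
        if pos < len(body):                        # extensions are optional
            end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
            pos += 2
            while pos + 4 <= min(end, len(body)):
                etype, elen = struct.unpack_from("!HH", body, pos)
                exts.append((etype, is_grease(etype)))  # unknown types are skipped
                pos += 4 + elen
        return rec_ver, hello_ver, exts
    except (IndexError, struct.error) as exc:
        raise TlsParseError(f"truncated input: {exc}") from exc

def build_sample(rec_major=3):
    # Constructed ClientHello: GREASE extension 0x1A1A, then extended_master_secret (0x0017).
    exts = struct.pack("!HH", 0x1A1A, 0) + struct.pack("!HH", 0x0017, 0)
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return bytes([22, rec_major, 1]) + struct.pack("!H", len(hs)) + hs
```
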