Wireshark flags the next protocol extension as malformed coming from (popular origin server). Alex - Can you point to a patch under test or other changes that we can use to alleviate this pain? The extension is included in the Server Hello due to it being included in the Client Hello. I was hoping there was a way to use tls_outgoing_options but I don't see any relevant options. I think I can comment it out in Handshake.cc but is there a run-time option? Thanks ________________________________________ From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> Sent: Tuesday, August 3, 2021 1:04 PM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: SSL handshake FWIW, Factory can reproduce this (popular origin server) problem with and without Squid. We are adding a Squid enhancement that will work around the problem (and improve TLS support in general). Alex. > curl: (35) error:1423506E:SSL routines:ssl_next_proto_validate:bad extension _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
