On 8/8/21 1:48 AM, senor wrote: > Can you point to a patch under test or other changes that we can use > to alleviate this pain? I will probably regret sharing this unfinished work, but our current changes can be found at [1]. A Factory customer has reported successful deployment, but the changes still need a lot of work; the results are not ready for review of any kind. Also, we do not have enough free cycles to port those in-progress changes to your current Squid version, whatever it is. [1] https://github.com/measurement-factory/squid/commit/16a3534 As always, we will post the fix for the official review ASAP. My current ballpark ETA for that is ~6 weeks. HTH, Alex. > From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> on behalf of Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Tuesday, August 3, 2021 1:04 PM > To: squid-users@xxxxxxxxxxxxxxxxxxxxx > Subject: Re: SSL handshake > > FWIW, Factory can reproduce this (popular origin server) problem with > and without Squid. We are adding a Squid enhancement that will work > around the problem (and improve TLS support in general). > > Alex. > >> curl: (35) error:1423506E:SSL routines:ssl_next_proto_validate:bad extension > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
