Search squid archive

TLS client hello tls1.0 even with options "tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I've enabled sslbump and configured the following outgoing tls options:

tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1 cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA

so for me it looks like squid must not use TLS1.1 or TLS1.0.
But for some web sites like
https://www.europarl.europa.eu/doceo/document/LIBE-OJ-2022-12-12-1_EN.html
the first request is made with an tls1.0 client hello packet. 
When I reload the page the proxyserver sends a tls1.2 client hello and the website is shown as expected.

So what option can be used to force a minimum tls1.2 client hello package every time?

Here is a link to the pcap file with both variants: https://bloms.de/download/www.europarl.europa.eu.pcap


-- 
Regards

  Dieter

--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux