Re: [squid-users] Squid SSL error or user error???

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 12 Dec 2002 15:30:24 +0100

Thu 2002-12-12 at 13:50, alp wrote:
> hi, i am using squid 2.5S1 successfully as ssl-gateway.
> i tried then some of the https_port options:
>
> if i have
> https_port...version=1
> or
> https_port...version=3
> it works.
> but if i use version=2 or version=4, nothing works and i see in cache_log
> the error:
> Error negotiating SSL connection...SSL_3_GET_CLIENT_HELLO: wrong version
> number
>
> is squid only able to use sslv3 or is it my fault?

Use the options= directive instead to control which SSL versions you
(don't) accept. The automatic SSL negotiation method is much more
reliable even if all but a single SSL version is disabled.

For compatibility reasons most clients send an SSLv2 hello message,
indicating they can also accept SSLv3 or TLSv1.

A server configured via the version= to only support SSLv3 or TLSv1
won't accept such client hello messages as the hello message is not an
SSLv3 or TLSv1 message, but a server configured in automatic mode with
SSLv2 disabled will.

There are also clients sending SSLv3 or TLSv1 hello messages. These
clients obviously only work with servers supporting the requested
version.

Regards
Henrik
Received on Thu Dec 12 2002 - 07:30:28 MST
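
The two hello framings described in the reply above, as an added example (not part of the original message, and not Squid or OpenSSL code): a small Python classifier for the first bytes a client sends, which is what to look at in a packet capture when a listener logs "wrong version number". The byte strings are constructed samples and the function names are hypothetical.

```python
from typing import NamedTuple

VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1"}

class Hello(NamedTuple):
    fmt: str      # "v2-compatible" or "record"
    offered: str  # highest version the client says it can speak

def parse_client_hello(data: bytes) -> Hello:
    """Classify the first bytes a client sends on an SSL/TLS connection."""
    if len(data) < 5:
        raise ValueError("too short to be a client hello")
    # SSLv2 framing: 2-byte length with the high bit set, message type 1
    # (CLIENT-HELLO), then the highest version the client supports.
    if data[0] & 0x80 and data[2] == 0x01:
        return Hello("v2-compatible", VERSIONS.get((data[3], data[4]), "unknown"))
    # SSLv3/TLSv1 framing: record type 0x16 (handshake), record version,
    # 2-byte length, handshake type 1 (client_hello), 3-byte length,
    # then client_version at offset 9.
    if data[0] == 0x16 and len(data) >= 11 and data[5] == 0x01:
        return Hello("record", VERSIONS.get((data[9], data[10]), "unknown"))
    raise ValueError("not a client hello")

def pinned_rejects_on_format(hello: Hello) -> bool:
    """A server pinned to SSLv3 or TLSv1 does not read v2-framed hellos."""
    return hello.fmt == "v2-compatible"

def auto_no_sslv2_accepts(hello: Hello) -> bool:
    """Automatic mode with SSLv2 disabled reads both framings, as long as
    the client offers something newer than SSLv2."""
    return hello.offered in ("SSLv3", "TLSv1")

# Constructed samples: only the leading header bytes of each hello.
V2_FRAMED_TLS1 = bytes.fromhex("80 2e 01 03 01 00 15 00 00 00 10")
V2_FRAMED_SSL2 = bytes.fromhex("80 2e 01 00 02 00 15 00 00 00 10")
RECORD_SSL3 = bytes.fromhex("16 03 00 00 2d 01 00 00 29 03 00")

if __name__ == "__main__":
    for name, raw in [("v2-framed, offers TLSv1", V2_FRAMED_TLS1),
                      ("v2-framed, offers SSLv2", V2_FRAMED_SSL2),
                      ("record, offers SSLv3", RECORD_SSL3)]:
        h = parse_client_hello(raw)
        print(f"{name}: pinned rejects on format={pinned_rejects_on_format(h)}, "
              f"auto without SSLv2 accepts={auto_no_sslv2_accepts(h)}")
```

For a record-framed hello, whether a pinned server then accepts it still depends on the version requested, which this sketch does not model.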
