Re: [squid-users] RE: TLS v1.2 support

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 16 Mar 2012 14:52:12 +1300

On 16/03/2012 6:50 a.m., Sébastien WENSKE wrote:
> Hi Amos,
>
> I used your patch, but no change:
>
> FATAL: Unknown SSL option 'NO_TLSv1_1'
> Squid Cache (Version 3.1.19-20120306-r10434): Terminated abnormally.
>
> With only NO_SSLv2
> [...]
> 2012/03/15 18:40:52.513| Initializing https proxy context
> 2012/03/15 18:40:52.514| Using SSLv2/SSLv3.
> 2012/03/15 18:40:52.514| Setting RSA key generation callback.
> 2012/03/15 18:40:52.514| Setting certificate verification callback.
> 2012/03/15 18:40:52.514| Setting CA certificate locations.
> 2012/03/15 18:40:52.514| Initializing https_port 172.16.1.10:443 SSL context
> 2012/03/15 18:40:52.514| Using SSLv2/SSLv3.
> 2012/03/15 18:40:52.514| Enabling quiet SSL shutdowns (RFC violation).
> 2012/03/15 18:40:52.515| Using chiper suite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM.
> 2012/03/15 18:40:52.515| Using certificate in xxxxxxxxxxxxxxxxxxxxxxxx
> 2012/03/15 18:40:52.515| Using private key in xxxxxxxxxxxxxxxxxxxxxxxx
> 2012/03/15 18:40:52.515| Comparing private and public SSL keys.
> 2012/03/15 18:40:52.515| Setting RSA key generation callback.
> 2012/03/15 18:40:52.515| Setting CA certificate locations.
> 2012/03/15 18:40:52.515| Not requiring any client certificates
> 2012/03/15 18:40:52.515| leave_suid: PID 3335 called
> 2012/03/15 18:40:52.515| leave_suid: PID 3335 giving up root, becoming 'proxy'
> 2012/03/15 18:40:52.515| command-line -X overrides: ALL,1
>
> strange.... :)

Very. Are you sure there is no other development version of OpenSSL
hanging around whose header files Squid is using?
  That NO_TLSv1_1 should have been found by any 1.* OpenSSL version,
even if the 1.2 was not present.

Amos

>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: jeudi 15 mars 2012 14:03
> To: Sébastien WENSKE
> Cc: squid-users_at_squid-cache.org
> Subject: Re: [squid-users] RE: TLS v1.2 support
>
> On 16/03/2012 1:09 a.m., Sébastien WENSKE wrote:
>> Thanks Amos for your quick reply,
>>
>> I tried your recommendations but nothing works, I can't get TLS 1.2 to
>> work
>>
>> I get a 404 error on your patch link
> Hmm. Something broken in our personal directory mirroring. Try "west" on that instead of "www".
>
>
> Amos
Received on Fri Mar 16 2012 - 01:52:22 MDT
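
Amos's question above, whether Squid was built against a different set of OpenSSL header files, can be checked by listing every header set on the build host. This is an added example, not part of the original thread or of Squid: the function names and the constructed sample trees are hypothetical, and it assumes the `NO_TLSv1_1` option name depends on the OpenSSL macro `SSL_OP_NO_TLSv1_1` being defined at compile time.

```shell
#!/bin/sh
# Added example: list every OpenSSL header set under the given roots and
# report whether it defines the SSL_OP_NO_TLSv1_x macros.

# has_macro FILE NAME -> exit 0 if FILE contains a "#define NAME" line
has_macro() {
    grep -Eq "^[[:space:]]*#[[:space:]]*define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# scan_openssl_headers ROOT... -> one line per openssl/ssl.h found:
#   <include dir>|<OPENSSL_VERSION_TEXT or unknown>|NO_TLSv1_1=yes/no|NO_TLSv1_2=yes/no
scan_openssl_headers() {
    find "$@" -type f -path '*/openssl/ssl.h' 2>/dev/null | sort |
    while IFS= read -r ssl_h; do
        dir=${ssl_h%/ssl.h}
        ver=unknown
        if [ -f "$dir/opensslv.h" ]; then
            v=$(sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}OPENSSL_VERSION_TEXT[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' \
                "$dir/opensslv.h" | head -n 1)
            [ -n "$v" ] && ver=$v
        fi
        t11=no; t12=no
        has_macro "$ssl_h" SSL_OP_NO_TLSv1_1 && t11=yes
        has_macro "$ssl_h" SSL_OP_NO_TLSv1_2 && t12=yes
        printf '%s|%s|NO_TLSv1_1=%s|NO_TLSv1_2=%s\n' "${dir%/openssl}" "$ver" "$t11" "$t12"
    done
}

# Constructed sample trees (not real OpenSSL headers) so the script runs offline.
make_sample() {
    mkdir -p "$1/old/include/openssl" "$1/new/include/openssl"
    printf '#define OPENSSL_VERSION_TEXT "sample-old"\n' > "$1/old/include/openssl/opensslv.h"
    printf '#define SSL_OP_NO_SSLv2 0x01000000L\n' > "$1/old/include/openssl/ssl.h"
    printf '#define OPENSSL_VERSION_TEXT "sample-new"\n' > "$1/new/include/openssl/opensslv.h"
    printf '#define SSL_OP_NO_TLSv1_1 0x10000000L\n#define SSL_OP_NO_TLSv1_2 0x08000000L\n' \
        > "$1/new/include/openssl/ssl.h"
}

tmp=$(mktemp -d)
make_sample "$tmp"
scan_openssl_headers "$tmp"   # prints one line per sample header set
rm -rf "$tmp"
```

On a real build host, pass the include roots instead of the sample tree (for instance `scan_openssl_headers /usr/include /usr/local/include`, typical locations rather than ones named in the thread). If more than one line comes back, the compiler's include search order decides which header set Squid is built against.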
