Re: [squid-users] Re: https for one site doesn't work over squid

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 14 Feb 2014 23:54:10 +1300

On 14/02/2014 11:35 p.m., Dmitry Melekhov wrote:
> OK, finally, I found that problem is it tls.
>
> As I see in firefox 27.0 tls 1.1 and 1.2 are enabled by default.
>
> So if I change security.tls.version.max from default 3 ( I guess this
> means 1.2 ) to 1 ( 1.0 ? ) site works.
> 2 (1.1? ) doesn't work too.

From the RFC:
"
This document describes TLS Version 1.2, which uses the version { 3, 3
}. The version value 3.3 is historical, deriving from the use of {3, 1}
for TLS 1.0.
"
... and 1.x and 2.x for the older SSL protocols.

>
> Just because firefox 27.0 works without proxy, I guess there is problem
> with tls 1.1/1.2 in squid.
> I'm right? :-) If yes- is there any way to fix squid?

NO. Squid has nothing to do with the TLS in these requests. All Squid is
doing is relaying the bytes to the web server.

I think the behaviour means the web server only supports SSL, not TLS.
Nasty but it happens sometimes.

Amos
Received on Fri Feb 14 2014 - 10:54:29 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 14 2014 - 12:00:04 MST