Re: [squid-users] Fwd: Squid 4.8 with OpenSSL 1.1.1d

Alex Really looking forward to this patch being submitted and hopefully accepted. Let me know if it would be helpful for me to do some independent testing of the patch. John > On 6 Jan 2020, at 14:53, Alex Rousskov > wrote: > > On 1/3/20 8:40 AM, Yaroslav Pushko wrote: > >> During estab

Re: [squid-users] Resolved: Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients

Hi Nikolaus This sounds exactly like the symptoms we have encountered. Will build from your patch & test to see if it works in our situation. John. > On 7 Dec 2019, at 13:54, Nikolaus wrote: > >  I was able to solve the issue, fixing both squid-side "error:1425F175:SSL > routines:ssl_ch

Re: [squid-users] Problem with ssl_choose_client_version:inappropriate fallback on some sites when using TLS1.2

Hi Tanner Unfortunately not. We have tried everything we can think of, plus suggested items from this list, with no success. If you figure it out let me know. Many thanks John Sent from my iPhone > On 20 Nov 2019, at 21:34, tannmann wrote: > > Hey John, > > It looks like we have a very

Re: [squid-users] Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients

>> On 22 Sep 2019, at 14:41, Alex Rousskov >> wrote: > On 9/22/19 9:18 AM, Nikolaus wrote: > >> The access.log contains error code / detail "ERR_SECURE_CONNECT_FAIL / >> SQUID_ERR_SSL_HANDSHAKE" - which is not too helpful - but the cache.log >> contains the more detailed "ERROR: negotiating T

[squid-users] Problem with ssl_choose_client_version:inappropriate fallback on some sites when using TLS1.2

Hi All We are trying to run Squid 4.8, compiled with OpenSSL 1.1.1 (see [1]) on Ubuntu 18.04 as a transparent proxy for the purpose of egress filtering of HTTPS traffic using SNI (see config in [2]). It it works correctly when contacting some addresses (e.g. https://www.ubuntu.com) but not others