On 23/04/2015 6:29 p.m., Michael Hendrie wrote: > Hi All > > I’ve been running squid-3.4.x in tproxy mode with ssl_bump > server-first for some time and has been working great. > > I have just moved to 3.5.3 to use peek to overcome some issues with > sites that require SNI to serve up the correct certificate. In most > cases this is work well however I seem to have an issue that (so far) > only effects the Safari web browser with certain sites. As an > example, https://twitter.com <https://twitter.com/> and > https://www.openssl.org <https://www.openssl.org/> will result in a > Safari error page “can’t establish a secure connection with the > server”. There is also a correlating entry in the cache.log 'Error > negotiating SSL connection on FD 45: error:140A1175:SSL > routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback (1/-1)’
Please try the latest snapshot of 3.5 series. There are some TLS session resume and SNI bug fixes. Amos _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
