On 20/04/17 03:44, dij...@gmail.com wrote:
Do you recieve the same error while connecting to
https://www.wikipedia.org?
If you connect to https://91.198.174.192/* directly, your browser
schould warn you about ssl issue; that is because of:
CN = *.wikipedia.org
SAN=
*.wikipedia.org
wikipedia.org
*.m.wikipedia.org
*.zero.wikipedia.org
wikimedia.org
*.wikimedia.org
*.m.wikimedia.org
*.planet.wikimedia.org
mediawiki.org
This certificate is not allowed to be used with IP address (which is
common) and that is the issue I suppose. Certificate is V3 sha256,
which is... perfectly normal.
Huh? With raw-IP there is no SNI, that is all. The TLS is not getting
far enough for the HTTPS message inside the encryption to have any
relevance to the TLS<->Host validation situation.
It is the server cipher being complained about. And with a particular
"unknown" error rather than the more usual "none negotiable" we see a
lot of when configs mis-match.
Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
