On 04/09/18 11:20, Amos Jeffries wrote:
On 4/09/18 7:33 PM, Ahmad, Sarfaraz wrote:
With debug_options ALL,9 and retrieving just this page, I found the following relevant log lines (this is with an explicit CONNECT request):


... skip TLS/1.2 clientHello arriving


Later on after about 10 secs

2018/09/04 12:45:58.124 kid1| 83,7| AsyncJob.cc(123) callStart: Ssl::PeekingPeerConnector status in: [ FD 12 job194686]
2018/09/04 12:45:58.124 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 0xf67698
2018/09/04 12:45:58.124 kid1| 83,5| PeerConnector.cc(187) negotiate: SSL_connect session=0x122c430...
2018/09/04 12:45:58.124 kid1| 24,8| MemBlob.cc(101) memAlloc: blob1555830 memAlloc: requested=82887, received=82887
2018/09/04 12:45:58.124 kid1| 24,7| SBuf.cc(865) reAlloc: SBuf6002798 new store capacity: 82887
2018/09/04 12:45:58.124 kid1| 24,8| SBuf.cc(139) rawAppendStart: SBuf6002798 start appending up to 65535 bytes
2018/09/04 12:45:58.124 kid1| 83,5| bio.cc(140) read: FD 12 read 0 <= 65535
2018/09/04 12:45:58.124 kid1| 83,5| NegotiationHistory.cc(83) retrieveNegotiatedInfo: SSL connection info on FD 12 SSL version NONE/0.0 negotiated cipher
2018/09/04 12:45:58.124 kid1| ERROR: negotiating TLS on FD 12: error:00000000:lib(0):func(0):reason(0) (5/0/0)

... the server delivered 82KB of something which was not TLS/SSL syntax
according to OpenSSL.

I ran 'ufdbpeek', an OpenSSL-based utility that I wrote that peeks at the TLS certificate of a website, and it displays a large correct certificate and that (in my case) cipher ECDHE-RSA-AES256-GCM-SHA384 is used.
OpenSSL 1.0.2k and 1.1.0g have no issues with the certificate or the handshake.

Also sslLabs shows that all is well and that all popular modern browsers and 
OpenSSL 0.9.8 and 1.0.1 can connect to the site:
https://www.ssllabs.com/ssltest/analyze.html?d=www.extremetech.com

Marcus

[...]
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
