On Thu, Feb 28, 2019 at 12:05 AM Stilyan Georgiev <stilyangeorg...@gmail.com> wrote:
> Tried everything , including upgrading the system to version that has > openssl1.1.1-1 , recompiling the package to exclude TLS 1.3 support , using > -- tls_outgoing_options options=NO_TLSv1_3 where NO_TLSv1_3 simply wasn't > recognized as something of use. > TLS1.3 is still being used for sites, and our blocking based on SNI > doesn't work. > > 1 thing left to try - specify list of ciphers where tls1.3 ciphers are not > included. If that doesn't work we're probably switching to nginx , so we > can use their config - ssl_protocols TLSv1.2; as too many hours were > already spent on solving the problem here :( >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
