[squid-users] ssl_bump peek in squid-3.5.3
Michael Hendrie
michael at hendrie.id.au
Thu Apr 23 06:58:13 UTC 2015
> On 23 Apr 2015, at 4:21 pm, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 23/04/2015 6:29 p.m., Michael Hendrie wrote:
>> Hi All
>>
>> I’ve been running squid-3.4.x in tproxy mode with ssl_bump
>> server-first for some time and has been working great.
>>
>> I have just moved to 3.5.3 to use peek to overcome some issues with
>> sites that require SNI to serve up the correct certificate. In most
>> cases this is work well however I seem to have an issue that (so far)
>> only effects the Safari web browser with certain sites. As an
>> example, https://twitter.com <https://twitter.com/> and
>> https://www.openssl.org <https://www.openssl.org/> will result in a
>> Safari error page “can’t establish a secure connection with the
>> server”. There is also a correlating entry in the cache.log 'Error
>> negotiating SSL connection on FD 45: error:140A1175:SSL
>> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback (1/-1)’
>
> Please try the latest snapshot of 3.5 series. There are some TLS session
> resume and SNI bug fixes.
Thanks Amos, but I did try squid-3.5.3-20150420-r13802 before posting….any other suggestions?
Michael
More information about the squid-users
mailing list