[squid-users] Squid 4: Cloudflare SSL connection problem
Yuri Voinov
yvoinov at gmail.com
Tue Apr 12 15:29:19 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
UPDATE:
Every failed connect produce the next sequence in access.log:
1460474791.631 15444 192.168.100.103 NONE_ABORTED/200 0 CONNECT
198.41.215.162:443 - ORIGINAL_DST/198.41.215.162 -
1460474791.658 0 192.168.100.103 NONE/503 3951 GET
https://www.cloudflare.com/* - HIER_NONE/- text/html
Note: 198.41.215.162 is current cloudflare.com IP.
Also: NONE_ABORTED/200 is often occurs in access.log with another
accessible sites.
12.04.16 20:03, Yuri Voinov пишет:
>
> UPDATE:
>
> https://i1.someimage.com/b8w5dFz.png
>
> This is answer from Cloudflare support.
>
> But: 3.5.16 can deal with ECDSA TLS 1.2 but 4.0.8 not?
>
> 12.04.16 17:55, Yuri Voinov пишет:
> > Does anybody faces this problem with 4.0.8:
>
> > https://i1.someimage.com/3lD2cvV.png
>
> > ?
>
> > It accomplished this error in cache.log:
>
> > 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD 54:
> error:00000000:lib(0):func(0):reason(0) (5/0/0)
>
> > and "NONE/503" in access.log.
>
> > Without proxy works like sharm. 3.5.16 with the similar squid.conf
> works like sharm.
>
> > NB: Cloudflare support said, that they key feature for SSL is SNI and
> ECDSA now. AFAIK, 4.0.8 is fully supports this features.
>
> > Any advice will be helpful.
>
> > Yes, I know this looks like DDoS protection on Cloudflare. But WTF?
> Any workaround required. Half-Internet is hosted on Cloudflare.
>
> > WBR, Yuri
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXDRRPAAoJENNXIZxhPexGmZcIAI1gcVCHUjCrDk0vI/f7omMP
ALa5XYk0VrsoOioc5cIh0DuIRN8THqkdXxtRXdKnxC8hgRfvOxN6h7NFilZhVAiT
tvgQkmKxAXXkCXik03AYU5DBoElMDcCgznksAxcckvXGCyWxN7pFwSY2p87WPHa/
5G/K5BTG1rf30OjVYIMPRtsfkHyA5xWIPNHKcbu6bCsV7H+oXh8x8oCNHdF06Q1i
s3U1kiFEudOKC1bMGVY4RJlzqDgGdANsHMSh0/v3rS4it5KBFxPsuz/DDcU1DlkO
MIEMF7FgvxORtgBZPUnxa+sF5gunZqDuv2R2aJuxJpYK2OriOC7+e40dZiw7xpQ=
=/LGq
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160412/ae08c7dc/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160412/ae08c7dc/attachment.key>
More information about the squid-users
mailing list