[squid-users] Squid 4: Cloudflare SSL connection problem
Yuri Voinov
yvoinov at gmail.com
Sun Apr 17 12:59:10 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
17.04.16 15:16, Amos Jeffries пишет:
> On 17/04/2016 4:55 a.m., Yuri Voinov wrote:
>>
>> So.
>>
>> Still has no ideas?
>>
>
> Only things I assume you probably already looked at:
>
> Maybe churn in the CA certificates. Linux and Windows distros have had
> CA cert package updates happen in the past few weeks.
Don't think so, Amos.
We are talking not about clients. We are talking about Squid. Which is
utilize own ca-bundle (in my case), which is got and updated from
Mozilla (heh, the only one place in the world with all CA's.... hehehe)
every week, and manually updated intermediate CA's file.
When I test connect with openssl with this CA - it returned 0 - i.e. no
errors, all CA's validated.
When I test connection with wget from proxy box - all ok, files
downloaded etc.etc.
And only from LAN these connections got NONE/503. IDK what does it mean.
There is not goes via cache_peer. There is not goes via any parent proxy.
>
>
> The ChaCha cipher you mentioned CloudFlare using should not be an issue
> provided your SSL library is able to negotiate some other cipher to be
Yep, this is not cipher issue. I've checked already.
>
> used. So the cipher sets in your config is something else to look at.
Also checked. No one cipher combinations not work on CF/Mozilla. Oh, it
works on all any sites, of course.
>
>
> Amos
Still in doubt. IDK whats happening.
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXE4ieAAoJENNXIZxhPexGNAcIAMA+m5zFDEvxzR/Q0RWYuiWd
1bCK+7BtYCTUmqD+KAbpBWfWlbgp6e9t0O+G7yzelmvoUugoFqbeyqq6aJUKmW3T
/sN9hsEnBVh644K1U4WNS6UawhsypBYZXQ13UegWNmP/hw54/urrGCNxa2buRFck
8fbCy9ZY92HloWwEUpclsn/mJ2SuzMLLoBUFRji61OtFpgYXn+PHaACerPAYaF7W
JrOrcviQP5Bx1+JIdvbUHM9Q83xFeBXremf87CBAQg4f1fCCf2en24dc/Vj9v+aB
K5hbm7XLCVDmerkb1M3S2RTm8nv4Xx6S9MtyOgnEGO+Qj25FWWZxoqSOycpmqz0=
=lSAK
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160417/f710e70a/attachment.key>
More information about the squid-users
mailing list