[squid-users] Squid 4: Cloudflare SSL connection problem

Yuri Voinov yvoinov at gmail.com
Sun Apr 17 12:59:10 UTC 2016

Hash: SHA256

17.04.16 15:16, Amos Jeffries пишет:
> On 17/04/2016 4:55 a.m., Yuri Voinov wrote:
>> So.
>> Still has no ideas?
> Only things I assume you probably already looked at:
> Maybe churn in the CA certificates. Linux and Windows distros have had
> CA cert package updates happen in the past few weeks.
Don't think so, Amos.
We are talking not about clients. We are talking about Squid. Which is
utilize own ca-bundle (in my case), which is got and updated from
Mozilla (heh, the only one place in the world with all CA's.... hehehe)
every week, and manually updated intermediate CA's file.

When I test connect with openssl with this CA - it returned 0 - i.e. no
errors, all CA's validated.
When I test connection with wget from proxy box - all ok, files
downloaded etc.etc.

And only from LAN these connections got NONE/503. IDK what does it mean.
There is not goes via cache_peer. There is not goes via any parent proxy.
> The ChaCha cipher you mentioned CloudFlare using should not be an issue
> provided your SSL library is able to negotiate some other cipher to be
Yep, this is not cipher issue. I've checked already.
> used. So the cipher sets in your config is something else to look at.
Also checked. No one cipher combinations not work on CF/Mozilla. Oh, it
works on all any sites, of course.
> Amos
Still in doubt. IDK whats happening.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

Version: GnuPG v2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160417/f710e70a/attachment.key>

More information about the squid-users mailing list