[squid-users] Squid 4: Cloudflare SSL connection problem
yvoinov at gmail.com
Sun Apr 17 12:59:10 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
17.04.16 15:16, Amos Jeffries пишет:
> On 17/04/2016 4:55 a.m., Yuri Voinov wrote:
>> Still has no ideas?
> Only things I assume you probably already looked at:
> Maybe churn in the CA certificates. Linux and Windows distros have had
> CA cert package updates happen in the past few weeks.
Don't think so, Amos.
We are talking not about clients. We are talking about Squid. Which is
utilize own ca-bundle (in my case), which is got and updated from
Mozilla (heh, the only one place in the world with all CA's.... hehehe)
every week, and manually updated intermediate CA's file.
When I test connect with openssl with this CA - it returned 0 - i.e. no
errors, all CA's validated.
When I test connection with wget from proxy box - all ok, files
And only from LAN these connections got NONE/503. IDK what does it mean.
There is not goes via cache_peer. There is not goes via any parent proxy.
> The ChaCha cipher you mentioned CloudFlare using should not be an issue
> provided your SSL library is able to negotiate some other cipher to be
Yep, this is not cipher issue. I've checked already.
> used. So the cipher sets in your config is something else to look at.
Also checked. No one cipher combinations not work on CF/Mozilla. Oh, it
works on all any sites, of course.
Still in doubt. IDK whats happening.
> squid-users mailing list
> squid-users at lists.squid-cache.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2437 bytes
Desc: not available
More information about the squid-users