[squid-users] Squid 4: Cloudflare SSL connection problem
yvoinov at gmail.com
Wed Apr 20 11:48:07 UTC 2016
The latest tests shows that Squid for unknown reasons do outgoing
connection using IPv6 only.
Which leads to "Network unreacheble" with my ISP - it does not support IPv6.
Full wireshark dumps for single outgoing transaction attached to bug
20.04.16 17:14, Eliezer Croitoru пишет:
> Hey Yuri,
> I think that the bug solution or identification is requiring a full
> tcpdump trace for a single request as was mentioned on the bug report:
> I have opened the port to my proxy, so you would be able to run couple
> requests to verify that your curl and wget and other clients doesn't
> have this "handshake" issue when accessing https://cloudflare.com
> using my local testing proxy.
> Send me privately your origin IP address so I would add an exception
> in my proxy for it.
> On 12/04/2016 14:55, Yuri Voinov wrote:
>> Does anybody faces this problem with 4.0.8:
>> It accomplished this error in cache.log:
>> 2016/04/12 17:39:38 kid1| Error negotiating SSL on FD 54:
>> error:00000000:lib(0):func(0):reason(0) (5/0/0)
>> and "NONE/503" in access.log.
>> Without proxy works like sharm. 3.5.16 with the similar squid.conf
>> works like sharm.
>> NB: Cloudflare support said, that they key feature for SSL is SNI and
>> ECDSA now. AFAIK, 4.0.8 is fully supports this features.
>> Any advice will be helpful.
>> Yes, I know this looks like DDoS protection on Cloudflare. But WTF?
>> Any workaround required. Half-Internet is hosted on Cloudflare.
>> WBR, Yuri
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
> squid-users mailing list
> squid-users at lists.squid-cache.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users