[squid-users] squid reverse proxy (accelerator) for MS Exchange OWA
Alex Rousskov
rousskov at measurement-factory.com
Wed Jan 25 15:10:25 UTC 2017
On 01/25/2017 12:45 AM, Vieri wrote:
> From: Alex Rousskov
>> The peer at 10.215.144.21:443 accepted Squid connection and then closed
>> it, probably before sending anything to Squid
> It seems that Squid delegates SSL to OpenSSL and it's really too bad
> the latter can't be a little bit more verbose. I know this isn't the
> right list for this but couldn't OpenSSL simply have logged something
> regarding "unsupported TLS/SSL versions"?
If my reconstruction of the events was correct, then OpenSSL supplied as
much information as it could -- the "unsupported TLS/SSL versions" is
_your_ conclusion based on the information that neither Squid nor
OpenSSL had access to.
> I'm only supposing that
> without the ssloptions I posted above, openssl will try TLS 1.2 and
> silently fail if that doesn't succeed.
It takes two to tango. How silent that failure is depends, in part, on
the server. AFAICT, your server was 100% silent about the reason behind
its abrupt connection closure, and OpenSSL correctly declined to
speculate about those reasons due to lack of info. From OpenSSL/client
point of view, it could have been anything from an unsupported TLS
version to a crashed server.
Glad you figured it out!
Alex.
More information about the squid-users
mailing list