[squid-users] Resolved: Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients
rousskov at measurement-factory.com
Sat Dec 7 15:10:48 UTC 2019

On 12/7/19 8:54 AM, Nikolaus wrote:

> I would of course be glad if the fix could be merged into the main squid
> repository. If you are a dev, please let me know what you think and if I
> should open a pull request.

FYI: There are two other ongoing and independent efforts related to TLS
v1.3 version handling:

 Fix stalled SslBump-peeked connections from older browsers
 Bug 5011: TLS 1.3 connection get stuck when parsing ServerHello

My team is responsible for . Our unofficial (and currently very
unpolished) code should be ready for the official review in a couple of
weeks. AFAICT from a quick look through your changes, we are working on
the same or a very similar problem. If you can test  in your
environment, please let me know whether it works in your environment.

I am not sure what is the best way to minimize further duplication of
effort here. Here is one option: If  works in your environment, and
you would rather avoid porting your changes to master, then perhaps you
can help with reviewing and backporting  (after it is officially
reviewed) to v4 instead.

If you decide to improve your branch towards its official submission,
please see https://wiki.squid-cache.org/MergeProcedure and keep in mind
that you will need to port your changes to master. Please also consider
_not_ storing the entire array of parsed supported versions if storing
just a couple of them (or storing their implications) is sufficient.
Please also note that SSL_set_max_proto_version() is not available in
OpenSSL v1.0. If Squid still supports that older OpenSSL version, it
would be best to avoid dropping that support because of this change.

If you have technical/development comments regarding , they are
probably best handled as pull request comments on GitHub (or a
discussion on the squid-dev@ mailing list). The squid-users@ mailing
list is not a good place to discuss code.
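
Added example, not part of the original message and not Squid code: one way to keep only the implications of a ClientHello supported_versions extension (highest known version offered, and whether TLS 1.3 is listed) instead of storing the parsed array. The names `VersionSummary` and `summarizeSupportedVersions` and the sample byte strings are hypothetical and constructed for this illustration.

```cpp
// Added example; not Squid code. All names here are hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>

struct VersionSummary {
    uint16_t highest = 0;      // highest offered version in SSLv3..TLS 1.3; 0 if none
    bool offersTls13 = false;  // 0x0304 was listed
};

// Parses extension_data of a ClientHello supported_versions extension
// (RFC 8446 section 4.2.1): one length byte, then 2-byte versions.
// Keeps two facts instead of the list. Returns false on malformed input.
bool summarizeSupportedVersions(const uint8_t *data, size_t size, VersionSummary &out) {
    out = VersionSummary();
    if (!data || size < 1)
        return false;
    const size_t listLen = data[0];
    // versions<2..254>: non-empty, even, and exactly filling the extension
    if (listLen < 2 || listLen % 2 != 0 || listLen != size - 1)
        return false;
    for (size_t i = 1; i + 1 < size; i += 2) {
        const uint16_t v = static_cast<uint16_t>((data[i] << 8) | data[i + 1]);
        // GREASE (RFC 8701) and other unknown code points are outside this range
        if (v < 0x0300 || v > 0x0304)
            continue;
        if (v == 0x0304)
            out.offersTls13 = true;
        if (v > out.highest)
            out.highest = v;
    }
    return true;
}

// Constructed samples: GREASE + TLS 1.3 + TLS 1.2, and TLS 1.2 + TLS 1.1.
const uint8_t kModernClient[] = {0x06, 0x7a, 0x7a, 0x03, 0x04, 0x03, 0x03};
const uint8_t kOlderClient[] = {0x04, 0x03, 0x03, 0x03, 0x02};

int main() {
    VersionSummary s;
    if (summarizeSupportedVersions(kModernClient, sizeof(kModernClient), s))
        std::printf("modern: highest=0x%04x tls13=%d\n", (unsigned)s.highest, s.offersTls13);
    if (summarizeSupportedVersions(kOlderClient, sizeof(kOlderClient), s))
        std::printf("older: highest=0x%04x tls13=%d\n", (unsigned)s.highest, s.offersTls13);
    return 0;
}
```

When the extension is absent from a ClientHello, there is nothing to summarize and the legacy_version field is what the client offers.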