[squid-users] TLS renegotiation failing between squids in hierarchy in Squid 4.
manojwajekar93 at gmail.com
Wed Nov 11 15:19:37 UTC 2020
I am currently using squid-cache in a hierarchy setup, with TLS enabled throughout.
client --> child Squid --> parent Squid --> web server
Openssl version: 1.0.2k
This setup is working for 3.5.20.
But when I updated to squid 4 (tried 4.8, 4.11 and 4.13),
initial HTTP request goes through, but TLS renegotiation is failing between
child and parent squid for the following requests.
From the logs, it looks like the child squid is trying to initialize TLS
renegotiation using the old TLS session ID, but the parent squid is rejecting it.
I confirm this behavior using openssl s_client --reconnect option.
I tried to disable client-initiated TLS renegotiation by setting
tls-options=NO_TICKET (on child squid), but it is affecting the behavior.
Are there any changes in default TLS renegotiation behavior between squid
3.5 and 4.x?
Is there a way to disable the client (child squid) initialized TLS
renegotiation in squid 4?