[squid-users] TLS renegotiation failing between squids in hierarchy in Squid 4.
Manoj Wajekar
manojwajekar93 at gmail.com
Wed Nov 11 15:19:37 UTC 2020
Hi,
I am currently squid-cache in hierarchy setup, with TLS enabled throughout.
client --> child Squid --> parent Squid --> web server
Openssl version: 1.0.2k
This setup is working for 3.5.20.
But when I updated to squid 4(tried 4.8, 4.11 and 4.13),
initial HTTP request goes through, but TLS renegotiation is failing between
child and parent squid for the following requests.
>From the logs, it looks like child squid is trying to initialize TLS
renegotiating using old TLS session ID, but parent squid is rejecting
session resumption.
I confirm this behavior using openssl s_client --reconnect option.
I tried to disabled client initialed TLS renegotiating by setting
tls-options=NO_TICKET (on child squid), but it is affecting the behavior.
Are there any changes in default TLS renegotiation behavior between squid
3.5 and 4.x?
Is there a way to disable the client (child squid) initialized TLS
renegotiation in squid 4?
Thanks,
Manoj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201111/d26ae293/attachment.htm>
More information about the squid-users
mailing list