At jun, Firefox will drop entirely it support for sslv3.<br><div class="gmail_quote">On Thu, Apr 23, 2015 at 11:11 PM Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 24/04/2015 7:11 a.m., dweimer wrote:<br>
> On 04/23/2015 9:24 am, dweimer wrote:<br>
>> I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD<br>
>> ports last night. It has broken our Outlook RPC over HTTPS. OWA and<br>
>> Phones are still connecting with Active Sync, its just the RPC for<br>
>> Outlook anywhere that is broken.<br>
>><br>
>> Did anyone else have any issues when upgrading from 3.4 branch to 3.5<br>
>> branch with Outlook RPC?<br>
><br>
> In case anyone else is having an issue, I found the solution. Which also<br>
> solved a long standing issue with larger file uploads through<br>
> OWA/ActiveSync/RPC, that we were having. I had to force the cache peer<br>
> to use SSLv3 instead of TLSv1.0 by adding sslversion=3 to the cache peer<br>
> line.<br>
><br>
> cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest<br>
> originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER<br>
> login=PASSTHRU front-end-https=on connection-auth=on sslversion=3<br>
><br>
> The HTTPS port line is still enforcing TLSv1.0 or newer, with restricted<br>
> ciphers.<br>
><br>
> https_port <a href="http://1.1.1.2:443" target="_blank">1.1.1.2:443</a> accel cert=... key=...<br>
> options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE<br>
> cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4<br>
><br>
><br>
<br>
Ouch. Good to know thank you.<br>
<br>
FYI:<br>
That workaround is one to keep an eye on. You may find the workaround<br>
needs undoing at some point soonish.<br>
MS are officially in the process of releasing updates that remove and<br>
disable SSLv3 support from their software. It began back in Oct/Nov 2014<br>
and seems to be moving across the product range in a staged rollout with<br>
each of the "Patch Tueday" so far (and probaly some future).<br>
<br>
Amos<br>
<br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div>