<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<br>
Ok, nobody.<br>
<br>
Well.<br>
<br>
I've done my own research.<br>
<br>
My suggestions:<br>
<br>
CloudFlare now uses its own custom OpenSSL 1.0.2 with very custom
patches with CHACHA Poly support.<br>
<br>
These patches are not in upstream. Moreover, the OpenSSL team has no plans in
the foreseeable future to support the latest ciphers.<br>
<br>
So, Squid 4 can't handshake TLS with CF right now. Possibly it is
a Squid 4.x branch bug, because 3.5.x does handshake with CF.<br>
<br>
LibreSSL does CHACHA right now.<br>
<br>
The question is:<br>
<br>
Amos, can Squid support LibreSSL and, if not, when do you plan to
support it?<br>
<br>
14.04.16 20:38, Yuri Voinov wrote:<br>
<span style="white-space: pre;">><br>
> Any ideas?<br>
><br>
> Anybody?<br>
><br>
> 13.04.16 2:37, Yuri Voinov wrote:<br>
><br>
><br>
> > I suggest the matter can be openssl, not OS:<br>
><br>
> > root @ cthulhu /patch # openssl version -a<br>
> > OpenSSL 1.0.1s 1 Mar 2016<br>
> > built on: Tue Mar 1 15:42:26 2016<br>
> > platform: solaris64-x86_64-cc-sunw<br>
> > options: bn(64,64) rc4(16x,int) des(ptr,cisc,16,int) idea(int) blowfish(ptr)<br>
> > compiler: /opt/solarisstudio12.4/bin/cc -I. -I.. -I../include -KPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DPK11_LIB_LOCATION="/usr/lib/64/libpkcs11.so" -DHAVE_ISSETUGID -DAV_SPARC_FJAES=0 -xO3 -m64 -xstrconst -Xa -DL_ENDIAN -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM<br>
> > OPENSSLDIR: "/etc/opt/csw/ssl"<br>
><br>
> > 13.04.16 2:29, Yuri Voinov wrote:<br>
><br>
><br>
><br>
><br>
><br>
> > > root @ cthulhu /patch # dig <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com">www.cloudflare.com</a><br>
><br>
> > > ; <<>> DiG 9.6-ESV-R11-P4 <<>> <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com">www.cloudflare.com</a><br>
> > > ;; global options: +cmd<br>
> > > ;; Got answer:<br>
> > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32548<br>
> > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<br>
><br>
> > > ;; QUESTION SECTION:<br>
> > > ;www.cloudflare.com. IN A<br>
><br>
> > > ;; ANSWER SECTION:<br>
> > > <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com">www.cloudflare.com</a>. 86400 IN A 198.41.214.162<br>
> > > <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com">www.cloudflare.com</a>. 86400 IN A 198.41.215.162<br>
><br>
> > > ;; Query time: 538 msec<br>
> > > ;; SERVER: 127.0.0.1#53(127.0.0.1)<br>
> > > ;; WHEN: Wed Apr 13 02:28:34 ALMT 2016<br>
> > > ;; MSG SIZE rcvd: 68<br>
><br>
> > > root @ cthulhu /patch # uname -a<br>
> > > SunOS cthulhu 5.10 Generic_150401-30 i86pc i386 i86pc Solaris<br>
><br>
> > > But I think OS does not matter here.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > 13.04.16 2:02, Eliezer Croitoru wrote:<br>
><br>
><br>
><br>
> > > > What does "dig <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com">www.cloudflare.com</a>" result in?<br>
><br>
> > > > Also what OS are you using? I am using CentOS 7 up to date...<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > Eliezer<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > On 12/04/2016 21:39, Yuri Voinov wrote:<br>
><br>
> > > >> root @ cthulhu /patch # openssl s_client -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256' -connect <a class="moz-txt-link-abbreviated" href="http://www.cloudflare.com:443">www.cloudflare.com:443</a><br>
><br>
></span><br>
<br>
<br>
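One way to test the cipher-support hypothesis raised in this thread, as an added example that is not part of the original message or of Squid: compare the suites a local TLS library build lists against a server's preference list and report what they share. The function names, the `WANTED` list and both sample listings are constructed assumptions; on a real host, pass `"$(openssl ciphers -v)"` as the listing.

```shell
#!/bin/sh
# Added example: given `openssl ciphers -v`-style text, report which suites
# from a server preference list the local library can offer.

# Constructed server preference list (an assumption, not any site's real
# configuration); the second entry is the suite used with s_client above.
WANTED="ECDHE-ECDSA-CHACHA20-POLY1305 ECDHE-ECDSA-AES128-GCM-SHA256"

# Constructed sample: listing from a build without ChaCha20-Poly1305.
SAMPLE_NO_CHACHA='ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1'

# Constructed sample: the same build with a ChaCha20-Poly1305 suite added.
SAMPLE_WITH_CHACHA="ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
$SAMPLE_NO_CHACHA"

# common_suites LISTING SUITE...
# Prints each SUITE present in LISTING, in the order given (the server's
# preference order). Returns 1 when nothing is shared, which is the case
# where a handshake cannot succeed.
common_suites() {
    listing=$1; shift
    found=1
    for suite in "$@"; do
        if printf '%s\n' "$listing" |
            awk -v s="$suite" '$1 == s { hit = 1 } END { exit !hit }'; then
            printf '%s\n' "$suite"
            found=0
        fi
    done
    return $found
}

# has_chacha LISTING: succeeds when any suite's Enc= column is ChaCha20.
has_chacha() {
    printf '%s\n' "$1" |
        awk '$5 ~ /^Enc=CHACHA20/ { hit = 1 } END { exit !hit }'
}

# Demo on the constructed listings.
echo "build without ChaCha20 shares:"
common_suites "$SAMPLE_NO_CHACHA" $WANTED || echo "(no shared suite)"
echo "build with ChaCha20 shares:"
common_suites "$SAMPLE_WITH_CHACHA" $WANTED || echo "(no shared suite)"
```

A non-empty result for the build without ChaCha20 means the missing cipher alone does not rule out a handshake, so the next thing to compare is what each Squid version actually offers in its ClientHello.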
</body>
</html>