<div dir="ltr"><div>Hi,</div><div><br></div><div>I am currently running squid-cache in a hierarchy setup, with TLS enabled throughout.<br></div><div><br></div><div>client --> child Squid --> parent Squid --> web server</div><div><br></div><div>
OpenSSL version: 1.0.2k
</div><div>This setup is working for 3.5.20.</div><div><br></div><div>But when I updated to squid 4 (tried 4.8, 4.11 and 4.13), <br></div><div>the initial HTTP request goes through, but TLS renegotiation is failing between child and parent squid for the following requests. <br></div><div><br></div><div>From the logs, it looks like child squid is trying to initiate TLS renegotiation using the old TLS session ID, but parent squid is rejecting session resumption.</div><div><br></div><div>I confirmed this behavior using the openssl s_client --reconnect option.</div><div> <br></div><div>I tried to disable client-initiated TLS renegotiation by setting
tls-options=NO_TICKET (on child squid), but it is affecting the behavior. <br></div><div><br></div><div>Are there any changes in default TLS
renegotiation behavior between squid 3.5 and 4.x?</div><div> Is there a way to disable the client (child squid) initiated TLS renegotiation in squid 4?</div><div><br></div><div>Thanks,</div><div>Manoj<br></div><div><br></div><div><br></div></div>