[squid-users] OT: why does openssl-1.0.1f not like https://www.bnz.co.nz/?
Amos Jeffries
squid3 at treenet.co.nz
Thu Nov 13 02:37:05 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 13/11/2014 3:22 p.m., Jason Haar wrote:
> On 13/11/14 15:04, Amos Jeffries wrote:
>> Sounds to me like they are using SSLv3 in their server.
>
> Yes but "openssl s_client -tls1" also works, it just appears that
> openssl cannot negotiate it - it has to be hardwired
>
>> Lookup "SSLv3 POODLE" for what is happening in that area.
>
> I thought it would be related, so it appears the newest version of
> openssl cannot talk to some servers that "only" support TLSv1.0? That
> doesn't sound right...
If the server responds to either the -ssl3 option or the -tls1 option
then it is performing some form of SSLv3 / TLS1.0 compatibility logics.
Which are probably screwed up when SSLv3 disappears out of the equation.
>
> But as you say, once the browsers start breaking, I bet sites will
> rapidly get upgraded. Hard to believe, but right now the Bank of New
> Zealand doesn't support TLSv1.1, let alone TLSv1.2!
Following along in the footsteps of the UK tax dept. They hit this last
week. :-)
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUZBlRAAoJELJo5wb/XPRjcX8IANycoz70clz5mjhcMgwxABaa
33i4HrMciwhQU+AtgK22COd4OxK/L2GGFCV6Aapa4xcggsvVQ7B7BvcSSdAX3woF
ubhAhQOBc3NY5ZykDDSXnfVUfLIwfkB5xH225wTAmUZM4AWLk4QE/BrH7Q8qUGzh
6pBzlCetI3GqoHPtKCrQPuBt7t4zoAwRPvE23PWSxcwygdIJuUgQN1ZTcjdiGNcm
BqW3LxkNTFqE2w5RLaQmLpfD6vOH+CZyrTwW9INOb3vVqsUw2oj2DHPQUoRBvb6x
ZhGjnoQ+ta/sRNsbdUL6qVexXcf/+loVRHkhwgmhvIPXHhXrzrYzVsnmvmgKL9s=
=4k9a
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list