[squid-users] SSL bump fails accessing .gov.uk servers
Dieter Bloms
squid at bloms.de
Fri Oct 31 20:03:42 UTC 2014
Hi Steve,
On Fri, Oct 31, Steve Hill wrote:
> This is probably not a problem with Squid, but I'm posting here in the
> hope that someone may have more clue than me when it comes to SSL :)
...
> If I force openssl into TLS1 mode (with the -tls1 argument) then it
> works fine. TLS 1.1 and 1.2 both fail. However, shouldn't openssl be
> negotiating the highest TLS version supported by both server and client?
but when the server is broken, it will not work.
Have a look at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.taxdisc.service.gov.uk
> It works correctly when FireFox connects directly to the web server
> rather than going through the proxy.
yes the browsers have a workaround and try with different cipher suites,
when the first connect fails.
> So my question is: is the web server broken, or am I misunderstanding
> something?
The webserver is broken.
--
Regards.
Dieter
--
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your
address-book so that WHEN you get a virus it won't use my address in the
>From field.
More information about the squid-users
mailing list