[squid-users] ssl_bump peek in squid-3.5.3

Amos Jeffries squid3 at treenet.co.nz
Thu Apr 23 06:51:33 UTC 2015


On 23/04/2015 6:29 p.m., Michael Hendrie wrote:
> Hi All
> 
> I’ve been running squid-3.4.x in tproxy mode with ssl_bump
> server-first for some time and it has been working great.
> 
> I have just moved to 3.5.3 to use peek to overcome some issues with
> sites that require SNI to serve up the correct certificate.  In most
> cases this is working well, however I seem to have an issue that (so far)
> only affects the Safari web browser with certain sites.  As an
> example, https://twitter.com and
> https://www.openssl.org will result in a
> Safari error page “can’t establish a secure connection with the
> server”.  There is also a correlating entry in the cache.log ‘Error
> negotiating SSL connection on FD 45: error:140A1175:SSL
> routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback (1/-1)’

Please try the latest snapshot of 3.5 series. There are some TLS session
resume and SNI bug fixes.

Amos

