[squid-users] Squid Upgrade from 3.4.12 to 3.5.3 on FreeBSD 10.1 broke Exchange RPC reverse proxy
dweimer
dweimer at dweimer.net
Thu Apr 23 19:11:16 UTC 2015
On 04/23/2015 9:24 am, dweimer wrote:
> I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD
> ports last night. It has broken our Outlook RPC over HTTPS. OWA and
> Phones are still connecting with Active Sync, it's just the RPC for
> Outlook Anywhere that is broken.
>
> Did anyone else have any issues when upgrading from 3.4 branch to 3.5
> branch with Outlook RPC?

In case anyone else is having an issue, I found the solution, which also
solved a long-standing issue with larger file uploads through
OWA/ActiveSync/RPC that we were having. I had to force the cache peer
to use SSLv3 instead of TLSv1.0 by adding sslversion=3 to the cache peer
line.

cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER login=PASSTHRU front-end-https=on connection-auth=on sslversion=3

The HTTPS port line is still enforcing TLSv1.0 or newer, with restricted
ciphers.

https_port 1.1.1.2:443 accel cert=... key=... options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4

--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
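
Added example, not part of the original post and not Squid project code: a small Python check that parses the two directives quoted in the post and reports the TLS posture of each side (an SSL-only sslversion= pin, SSLv3 not excluded on the listening port, peer certificate verification switched off). The function names and finding wording are this example's own; the sslversion= number-to-protocol mapping follows the Squid 3.x documentation.

```python
import re

# sslversion= codes as listed in the Squid 3.x documentation.
SSLVERSION = {"1": "automatic", "2": "SSLv2 only", "3": "SSLv3 only",
              "4": "TLSv1.0 only", "5": "TLSv1.1 only", "6": "TLSv1.2 only"}
WEAK_PINS = {"2", "3"}  # pins that force an SSL-era protocol

def parse_directive(line):
    """Split one squid.conf line into (name, bare words, key=value options)."""
    name, *rest = line.split()
    words = [tok for tok in rest if "=" not in tok]
    opts = dict(tok.split("=", 1) for tok in rest if "=" in tok)
    return name, words, opts

def flags(value):
    """Flag lists in the post are ':'-separated; ',' is tolerated here too."""
    return {f for f in re.split(r"[:,]", value or "") if f}

def audit(config_text):
    """Return (line number, directive, finding) tuples for weak TLS settings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, words, opts = parse_directive(line)
        if name not in ("cache_peer", "https_port") or (
                name == "cache_peer" and "ssl" not in words):
            continue  # other directives and plain-HTTP peers carry no TLS options
        pin = opts.get("sslversion", "1")
        if pin in WEAK_PINS:
            findings.append((lineno, name, "pinned to " + SSLVERSION[pin]))
        elif (pin == "1" and name == "https_port"
              and "NO_SSLv3" not in flags(opts.get("options"))):
            findings.append((lineno, name, "SSLv3 not excluded in options="))
        if "DONT_VERIFY_PEER" in flags(opts.get("sslflags")):
            findings.append((lineno, name, "peer certificate not verified"))
    return findings

# The two directives from the post, each rejoined onto one line.
POSTED = """\
cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER login=PASSTHRU front-end-https=on connection-auth=on sslversion=3
https_port 1.1.1.2:443 accel cert=... key=... options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
"""

if __name__ == "__main__":
    for finding in audit(POSTED):
        print(*finding)
```

On the posted lines this reports two findings, both on the cache_peer (back-end) side, and none on the https_port (client-facing) side.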