[squid-users] squid reverse proxy (accelerator) for MS Exchange OWA
Vieri
rentorbuy at yahoo.com
Wed Jan 25 07:45:25 UTC 2017
----- Original Message -----
From: Alex Rousskov <rousskov at measurement-factory.com>
>
> The peer at 10.215.144.21:443 accepted Squid connection and then closed
> it, probably before sending anything to Squid
Thanks Alex.
I was lucky enough to try the following options in cache_peer:
ssloptions=NO_SSLv3,NO_SSLv2,NO_TLSv1_2,NO_TLSv1_1
This solves the issue. I understand it forces using TLS 1.0. In fact, the OWA origin server is a Windows server 2003 and only supports SSLv{2,3} and TLS 1.0.
It seems that Squid delegates SSL to OpenSSL and it's really too bad the latter can't be a little bit more verbose. I know this isn't the right list for this but couldn't OpenSSL simply have logged something regarding "unsupported TLS/SSL versions"? I'm only supposing that without the ssloptions I posted above, openssl will try TLS 1.2 and silently fail if that doesn't succeed.
Regardless, it all seems to be working now, even with Squid 3.5.14.
Thanks again,
Vieri
More information about the squid-users
mailing list