[squid-users] Squid with custom openssl path is using the openssl installed in default path

Stilyan Georgiev stilyangeorgiev at gmail.com
Wed Feb 27 22:06:39 UTC 2019


On Thu, Feb 28, 2019 at 12:05 AM Stilyan Georgiev <stilyangeorgiev at gmail.com>
wrote:

> Tried everything , including upgrading the system to version that has
> openssl1.1.1-1 , recompiling the package to exclude TLS 1.3 support , using
> -- tls_outgoing_options options=NO_TLSv1_3 where NO_TLSv1_3 simply wasn't
> recognized as something of use.
> TLS1.3 is still being used for sites, and our blocking based on SNI
> doesn't work.
>
> 1 thing left to try - specify list of ciphers where tls1.3 ciphers are not
> included. If that doesn't work we're probably switching to nginx , so we
> can use their config - ssl_protocols TLSv1.2; as too many hours were
> already spent on solving the problem here :(
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190228/bba562e0/attachment.html>


More information about the squid-users mailing list