[squid-users] Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients

Nikolaus dc.sqml at ntcomputer.de
Sun Sep 22 13:18:01 UTC 2019


> You may
> be able to figure it out by looking at the corresponding access.log
> records, especially if you log %err_code and %err_detail. In the worst
> case, enabling and looking at debugging info in cache.log may be
> necessary, but I would start with access.log anyway.

Thank you for the suggestion Alex!

The access.log contains error code / detail "ERR_SECURE_CONNECT_FAIL /
SQUID_ERR_SSL_HANDSHAKE" - which is not too helpful - but the cache.log
contains the more detailed "ERROR: negotiating TLS on FD 19:
error:1425F175:SSL routines:ssl_choose_client_version:inappropriate
fallback (1/-1/0)".

Is a TLS fallback prevention mechanism kicking in by error? If so, how
to fix it?
Please let me know if additional log output (the debug log around the
error location did not seem helpful to me though) or a configuration to
reproduce the error are needed.

Nikolaus


More information about the squid-users mailing list