[squid-users] Peek-and-splice not working when mixing TLS1.3 servers and TLS1.2 clients

John Sweet-Escott eype69 at gmail.com
Mon Sep 23 17:23:33 UTC 2019



>> On 22 Sep 2019, at 14:41, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> On 9/22/19 9:18 AM, Nikolaus wrote:
> 
>> The access.log contains error code / detail "ERR_SECURE_CONNECT_FAIL /
>> SQUID_ERR_SSL_HANDSHAKE" - which is not too helpful - but the cache.log
>> contains the more detailed "ERROR: negotiating TLS on FD 19:
>> error:1425F175:SSL routines:ssl_choose_client_version:inappropriate
>> fallback (1/-1/0)".
> 
>> Is a TLS fallback prevention mechanism kicking in by error? If so, how
>> to fix it?
> 
> I do not know the answers to your questions, but I am sure that it is
> possible to figure it out by looking at either packet captures or
> detailed debugging logs. Unfortunately, I do not have enough free time
> to guide you through this triage. There were several similar complaints
> about "inappropriate fallback" errors on this list recently. I would
> start by revisiting those threads for more clues.
> 
> Alex
Unfortunately, we have not been able to work out the inappropriate fallback issue described at http://lists.squid-cache.org/pipermail/squid-users/2019-September/021047.html. If you do fix your issue, please do share.
John