[squid-users] SSL handshake

senor frio_cervesa at hotmail.com
Sun Aug 8 05:48:45 UTC 2021


Wireshark flags the next protocol extension as malformed coming from (popular origin server).

Alex - Can you point to a patch under test or other changes that we can use to alleviate this pain?

The extension is included in the Server Hello due to it being included in the Client Hello. I was hoping there was a way to use tls_outgoing_options but I don't see any relevant options. I think I can comment it out in Handshake.cc but is there a run-time option?

Thanks

________________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Alex Rousskov <rousskov at measurement-factory.com>
Sent: Tuesday, August 3, 2021 1:04 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SSL handshake

FWIW, Factory can reproduce this (popular origin server) problem with
and without Squid. We are adding a Squid enhancement that will work
around the problem (and improve TLS support in general).

Alex.

> curl: (35) error:1423506E:SSL routines:ssl_next_proto_validate:bad extension

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list