[squid-users] SSL handshake

Alex Rousskov rousskov at measurement-factory.com
Tue Aug 10 17:44:19 UTC 2021


On 8/8/21 1:48 AM, senor wrote:

> Can you point to a patch under test or other changes that we can use
> to alleviate this pain?

I will probably regret sharing this unfinished work, but our current
changes can be found at [1]. A Factory customer has reported successful
deployment, but the changes still need a lot of work; the results are
not ready for review of any kind. Also, we do not have enough free
cycles to port those in-progress changes to your current Squid version,
whatever it is.

[1] https://github.com/measurement-factory/squid/commit/16a3534

As always, we will post the fix for the official review ASAP. My current
ballpark ETA for that is ~6 weeks.


HTH,

Alex.



> From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Alex Rousskov <rousskov at measurement-factory.com>
> Sent: Tuesday, August 3, 2021 1:04 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] SSL handshake
> 
> FWIW, Factory can reproduce this (popular origin server) problem with
> and without Squid. We are adding a Squid enhancement that will work
> around the problem (and improve TLS support in general).
> 
> Alex.
> 
>> curl: (35) error:1423506E:SSL routines:ssl_next_proto_validate:bad extension
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 



More information about the squid-users mailing list