Re: [squid-users] issues with old version of TLS/SSL certificate

2021-07-12 Thread Antony Stone 
On Monday 12 July 2021 at 18:58:43, Alex Irmel Oviedo Solis wrote:

> Hello all, I'm trying to download a file from
> https://prodcont.seace.gob.pe

> SSLLabs review shows that server supports only TLS 1.0

> Any solution please?

If you're trying to download a specific file from a specific server, which 
doesn't support current encryption protocols, is it absolutely essential to 
you that you download it via Squid?

In other words, I suggest you just connect to the machine directly, download 
the file, and then either forget about the server's outdated encryption 
capabilities, or inform the website maintainers (if there are any?) and see 
whether they care enough to bring it up to date.

Either way, you have your file, and you don't have to work out how to persuade 
Squid to do somethng that's really not a good idea to start with.


Antony.

-- 
"It is easy to be blinded to the essential uselessness of them by the sense of 
achievement you get from getting them to work at all. In other words - and 
this is the rock solid principle on which the whole of the Corporation's 
Galaxy-wide success is founded - their fundamental design flaws are completely 
hidden by their superficial design flaws."

 - Douglas Noel Adams

   Please reply to the list;
 please *don't* CC me.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] issues with old version of TLS/SSL certificate

2021-07-12 Thread Alex Irmel Oviedo Solis 
Hello all, I'm trying to download a file from https://prodcont.seace.gob.pe,
it seems have an old  version certificate, the error that shows squid is:
//---Begin of error
The system returned:
(71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
Handshake with SSL server failed: error:1425F102:SSL
routines:ssl_choose_client_version:unsupported protocol
//---End of error

SSLLabs review shows that server supports only TLS 1.0

I tryed putting this line into my squid.conf without success:
tls_outgoing_options cafile=/etc/squid/cacert.pem min-version=1.0
options=ALL

Any solution please?

-- 
*"Una alegría compartida se transforma en doble alegría; una pena
compartida, en media pena."*
--> http://www.alexove.me 
--> Celular (Movistar): +51-959-625-001
--> Sigueme en Twitter: http://twitter.com/alexove_pe
--> Perfil: http://fedoraproject.org/wiki/user:alexove
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users