...@gmail.com]
Sent: Monday, October 10, 2016 4:54 PM
To: Eliezer Croitoru
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS
code: SQUID_ERR_SSL_HANDSHAKE)
On Mon, Oct 10, 2016 at 11:41 AM, Eliezer Croitoru <elie...@ngtech.co.il>
On Mon, Oct 10, 2016 at 11:41 AM, Eliezer Croitoru wrote:
> Thanks for updating!
>
> May I ask what version of Linux are you using squid ontop?
> I have released couple RPMs and am working on releasing a drop-in tar.xz for
> debian based systems.
Yeah sure, I'm using
...@ngtech.co.il
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Marc
Sent: Sunday, October 9, 2016 11:51 PM
To: Vieri
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS
code
Hi Vieri,
Squid 4 fixes it, in my case. Same config, same system.
Regards,
Marc
On Thu, Oct 6, 2016 at 11:00 PM, Marc wrote:
> Hi Viery,
>
> Sorry, copy/paste error, my bad. Please try:
>
> openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher
>
Hi Viery,
Sorry, copy/paste error, my bad. Please try:
openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher
RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA
<
On 6/10/2016 8:46 p.m., Vieri wrote:
> Hi,
>
>
>
> - Original Message -
>> From: Amos Jeffries
>>> Is it correct to assume at this point that the current openssl
>>> build on this system is "OK" as far as supporting "Win XP TLS 1.0
>>> ciphers to access at least
Hi,
- Original Message -
> From: Amos Jeffries
>> Is it correct to assume at this point that the current openssl build
>> on this system is "OK" as far as supporting "Win XP TLS 1.0 ciphers
>> to access at least google.com"?
>
> Yes. The build is capable of it.
- Original Message -
> From: Marc
> Mimicing in openssl (well.. not perfect but it joes the job I guess):
> openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher
> RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-
>
Well.. it looks like the issue I'm having (subject: handshake problems
with stare and bump).
IE8 on XP sends out:
Secure Sockets Layer
SSL Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 104
On 5/10/2016 12:07 a.m., Vieri wrote:
> Hi,
>
>>> Whatever the reason, for an end-user like me it seems that the XP
>>> client is able to negotiate TLS correctly with Google and
>>> presumably using the cipher DES-CBC3-SHA (maybe after failing
>>> with RC4-MD5 on a first attempt), whereas Squid
Hi,
>> Whatever the reason,
>> for an end-user like me it seems that the XP client is able to
>> negotiate TLS correctly with Google and presumably using the cipher
>> DES-CBC3-SHA (maybe after failing with RC4-MD5 on a first attempt),
>> whereas Squid immediately fails with RC4-MD5. It doesn't
On 3/10/2016 8:11 p.m., Vieri wrote:
>
>
> Hi,
>
> - Original Message -
>> From: Yuri Voinov
>>
>
>>> Why is Squid negotiating cipher RC4-MD5 which is reported
>>> "insecure" and unsupported by the google web site?> Because your
>>> antique client request it. XP
Hi,
- Original Message -
> From: Yuri Voinov
>
>> Why is Squid negotiating cipher RC4-MD5 which is reported "insecure"
>> and unsupported by the google web site?> Because your antique client request
>> it. XP desupported years ago.
[...]
> Throw out XP and IE8 and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
30.09.2016 17:36, Vieri пишет:
> Hi,
>
> - Original Message -
>> From: Amos Jeffries
>>
>> Squid mimics the client details when contacting the server. So you would
>
>> get the same problem (though maybe different
Maybe my previous post was too long. Simply put, why doesn't Squid negotiate
the DES-CBC3-SHA cipher instead of RC4-MD5?
Vieri
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Hi,
- Original Message -
> From: Amos Jeffries
>
> Squid mimics the client details when contacting the server. So you would
> get the same problem (though maybe different description) if going
> directly without the proxy.
If I try connecting to
On 30/09/2016 11:23 a.m., Eliezer Croitoru wrote:
> Hey Vieri,
>
> Just as a tiny reply I must admit that it's expected.
> What you see is the result of squid and it's ssl stack support the goal of a
> minimum specific version of ssl encrypted connections.
> I am not sure but there might be a
17 matches
Mail list logo