Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-10 Thread Eliezer Croitoru
...@gmail.com] Sent: Monday, October 10, 2016 4:54 PM To: Eliezer Croitoru Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) On Mon, Oct 10, 2016 at 11:41 AM, Eliezer Croitoru <elie...@ngtech.co.il>

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-10 Thread Marc
On Mon, Oct 10, 2016 at 11:41 AM, Eliezer Croitoru wrote: > Thanks for updating! > > May I ask what version of Linux are you using squid on top? > I have released couple RPMs and am working on releasing a drop-in tar.xz for > debian based systems. Yeah sure, I'm using

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-10 Thread Eliezer Croitoru
...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Marc Sent: Sunday, October 9, 2016 11:51 PM To: Vieri Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-09 Thread Marc
Hi Vieri, Squid 4 fixes it, in my case. Same config, same system. Regards, Marc On Thu, Oct 6, 2016 at 11:00 PM, Marc wrote: > Hi Vieri, > > Sorry, copy/paste error, my bad. Please try: > > openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher >

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-06 Thread Marc
Hi Vieri, Sorry, copy/paste error, my bad. Please try: openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA <

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-06 Thread Amos Jeffries
On 6/10/2016 8:46 p.m., Vieri wrote: > Hi, > > > > - Original Message - >> From: Amos Jeffries >>> Is it correct to assume at this point that the current openssl >>> build on this system is "OK" as far as supporting "Win XP TLS 1.0 >>> ciphers to access at least

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-06 Thread Vieri
Hi, - Original Message - > From: Amos Jeffries >> Is it correct to assume at this point that the current openssl build >> on this system is "OK" as far as supporting "Win XP TLS 1.0 ciphers >> to access at least google.com"? > > Yes. The build is capable of it.

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-06 Thread Vieri
- Original Message - > From: Marc > Mimicking in openssl (well.. not perfect but it does the job I guess): > openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher > RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP- >

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-05 Thread Marc
Well.. it looks like the issue I'm having (subject: handshake problems with stare and bump). IE8 on XP sends out: Secure Sockets Layer SSL Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.0 (0x0301) Length: 104

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-04 Thread Amos Jeffries
On 5/10/2016 12:07 a.m., Vieri wrote: > Hi, > >>> Whatever the reason, for an end-user like me it seems that the XP >>> client is able to negotiate TLS correctly with Google and >>> presumably using the cipher DES-CBC3-SHA (maybe after failing >>> with RC4-MD5 on a first attempt), whereas Squid

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-04 Thread Vieri
Hi, >> Whatever the reason, >> for an end-user like me it seems that the XP client is able to >> negotiate TLS correctly with Google and presumably using the cipher >> DES-CBC3-SHA (maybe after failing with RC4-MD5 on a first attempt), >> whereas Squid immediately fails with RC4-MD5. It doesn't

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-03 Thread Amos Jeffries
On 3/10/2016 8:11 p.m., Vieri wrote: > > > Hi, > > - Original Message - >> From: Yuri Voinov >> > >>> Why is Squid negotiating cipher RC4-MD5 which is reported >>> "insecure" and unsupported by the google web site?> Because your >>> antique client request it. XP

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-10-03 Thread Vieri
Hi, - Original Message - > From: Yuri Voinov > >> Why is Squid negotiating cipher RC4-MD5 which is reported "insecure" >> and unsupported by the google web site?> Because your antique client request >> it. XP desupported years ago. [...] > Throw out XP and IE8 and

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Yuri Voinov
30.09.2016 17:36, Vieri wrote: > Hi, > > - Original Message - >> From: Amos Jeffries >> >> Squid mimics the client details when contacting the server. So you would > >> get the same problem (though maybe different

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Vieri
Maybe my previous post was too long. Simply put, why doesn't Squid negotiate the DES-CBC3-SHA cipher instead of RC4-MD5? Vieri

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-30 Thread Vieri
Hi, - Original Message - > From: Amos Jeffries > > Squid mimics the client details when contacting the server. So you would > get the same problem (though maybe different description) if going > directly without the proxy. If I try connecting to

Re: [squid-users] FW: squid tproxy ssl-bump and Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)

2016-09-29 Thread Amos Jeffries
On 30/09/2016 11:23 a.m., Eliezer Croitoru wrote: > Hey Vieri, > > Just as a tiny reply I must admit that it's expected. > What you see is the result of squid and its ssl stack support the goal of a > minimum specific version of ssl encrypted connections. > I am not sure but there might be a