At jun, Firefox will drop entirely it support for sslv3. On Thu, Apr 23, 2015 at 11:11 PM Amos Jeffries <squ...@treenet.co.nz> wrote:
> On 24/04/2015 7:11 a.m., dweimer wrote: > > On 04/23/2015 9:24 am, dweimer wrote: > >> I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD > >> ports last night. It has broken our Outlook RPC over HTTPS. OWA and > >> Phones are still connecting with Active Sync, its just the RPC for > >> Outlook anywhere that is broken. > >> > >> Did anyone else have any issues when upgrading from 3.4 branch to 3.5 > >> branch with Outlook RPC? > > > > In case anyone else is having an issue, I found the solution. Which also > > solved a long standing issue with larger file uploads through > > OWA/ActiveSync/RPC, that we were having. I had to force the cache peer > > to use SSLv3 instead of TLSv1.0 by adding sslversion=3 to the cache peer > > line. > > > > cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest > > originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER > > login=PASSTHRU front-end-https=on connection-auth=on sslversion=3 > > > > The HTTPS port line is still enforcing TLSv1.0 or newer, with restricted > > ciphers. > > > > https_port 1.1.1.2:443 accel cert=... key=... > > options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE > > cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4 > > > > > > Ouch. Good to know thank you. > > FYI: > That workaround is one to keep an eye on. You may find the workaround > needs undoing at some point soonish. > MS are officially in the process of releasing updates that remove and > disable SSLv3 support from their software. It began back in Oct/Nov 2014 > and seems to be moving across the product range in a staged rollout with > each of the "Patch Tueday" so far (and probaly some future). > > Amos > > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
