Hi Viery, Sorry, copy/paste error, my bad. Please try:
openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA < <(echo -e "GET / HTTP/1.1\nHost: www.google.com\n\n") That one fails (at least with me). Squid replies with 503 Service unavailable, SQUID_ERR_SSL_HANDSHAKE . Now adding a random extension: openssl s_client -quiet -connect www.google.com:443 -tls1 -cipher RC4-MD5:RC4-SHA:DES-CBC3-SHA:DES-CBC-SHA:EXP1024-RC4-SHA:EXP1024-DES-CBC-SHA:EXP-RC4-MD5:EXP-RC2-CBC-MD5:DHE-DSS-DES-CBC3-SHA:DHE-DSS-CBC-SHA:EXP1024-DHE-DSS-DES-CBC-SHA -serverinfo 12345 < <(echo -e "GET / HTTP/1.1\nHost: www.google.com\n\n") That one succeeds (302 Found). At least with me. The extension doesn't have to be 12345, some regular ones do the trick as well. But openssl doesn't always include the existing ones correctly, so I used the dummy. Please let me know. If adding a random extension fixes the error with you too, well.. It could be a step in the right direction towards finding the cause of this problem. Marc _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
