Re: [squid-users] Reverse Proxy SSL 3.0

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Tue, 18 Jul 2006 01:13:12 +0200

mån 2006-07-17 klockan 16:06 -0400 skrev Brad Taylor:

> https_port 443 cert=/etc/squid/sbcert.pem
> key=/etc/squid/sbprivatekey.pem version=2
>
> When I change to 3:
> https_port 443 cert=/etc/squid/sbcert.pem
> key=/etc/squid/sbprivatekey.pem version=3
>
> I get a "page can not be displayed" in IE.

Probably IE sends a SSLv2 session setup with upgrade to SSLv3/TLS. If
you set the protocol to 3 then only SSLv3 session setups is accepted and
clients sending SSLv2 session setups will get rejected even if they
indicate they accept upgrade to SSLv3 or TLS.

Try disabling SSLv2 via the options= instead.. This keeps the
"automatic" session setup mode, and only restricts the end result..

Regards
Henrik

Received on Mon Jul 17 2006 - 17:13:17 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Aug 01 2006 - 12:00:01 MDT