On 4/12/2015 12:34 a.m., Massimo.Sala wrote:
> We have a server with squid 3.4.8 as forward proxy ( clients have the
> proxy configured in the browsers ).
>
>
> Sometimes we have Zero-Sized Replies from Windows Servers as discussed
> here :
>
> https://squidproxy.wordpress.com/category/squid-3/
>
> The proxy server is in the internal LAN. We want to adopt this work-around
> :
>
> disable BEAST mitigation by ssloptions=ALL in squid.conf
> (insecure)
>
>
> Does it work in forwarding mode ?
>
> http_port 3128 ssloptions=ALL
>
No. SSL options are not relevant to plain-text HTTP traffic.
From the hints you have given about your configuration so far I believe
the HTTPS traffic is being tunnelled blindly through your proxy. All
TLS/SSL details are being negotiated between the client UA and the
server they are tunneled to.
Under such conditions there is *nothing* you can do to influence or
affect TLS/SSL behaviour short of blocking it outright on a per-server
basis.
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
