[squid-users] Re: Squid 3.1 and https ssl aes256 issue
Amos Jeffries-2 wrote
> Just SYN_SENT? no TCP connection completed and CONNECT HTTP request
> sent? (all that has to happen *before* the first octet of TLS starts)
>
> Very strange.

Indeed there is something strange that I cannot understand. It seems as if the client sends the request but no one from the other side answers that request.

Now I'm doing a test from the shell of my proxy machine and I can see that the machine isn't able to connect to aes256 sites, regardless of Squid. So it isn't a Squid issue as I thought... I have to investigate why my Linux machine cannot connect to those sites...

Thank you for your help!
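Added example, not part of the thread: a staged probe that follows the order described in the quoted reply (TCP connect to the proxy, then the CONNECT request, then TLS) and reports the first stage that fails. The function name `probe_via_proxy` and its parameters are hypothetical; the `ciphers` argument is an OpenSSL cipher string such as `AES256`.

```python
import socket
import ssl

def probe_via_proxy(proxy_host, proxy_port, target_host, target_port=443,
                    ciphers=None, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'connect', 'tls' or 'ok'."""
    # Stage 1: TCP handshake with the proxy. A socket that stays in
    # SYN_SENT never gets past this call and ends in a timeout.
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        return ("tcp", str(exc))
    with sock:
        # Stage 2: plain-text CONNECT; the proxy must answer 200 before
        # the first octet of TLS is sent.
        request = "CONNECT {0}:{1} HTTP/1.1\r\nHost: {0}:{1}\r\n\r\n".format(
            target_host, target_port)
        try:
            sock.sendall(request.encode("ascii"))
            reply = b""
            while b"\r\n\r\n" not in reply and len(reply) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError as exc:
            return ("connect", str(exc))
        status = reply.split(b"\r\n", 1)[0].decode("latin-1")
        parts = status.split()
        if len(parts) < 2 or parts[1] != "200":
            return ("connect", status or "no reply from proxy")
        # Stage 3: TLS handshake through the tunnel. set_ciphers() only
        # restricts TLS 1.2 and older suites, not TLS 1.3 ones.
        ctx = ssl.create_default_context()
        if ciphers:
            ctx.set_ciphers(ciphers)
        try:
            with ctx.wrap_socket(sock, server_hostname=target_host) as tls:
                return ("ok", "{} {}".format(tls.version(), tls.cipher()[0]))
        except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
            return ("tls", str(exc))
```

A `tcp` or `connect` result points at the path to the proxy or at the proxy's own outbound connection; a `tls` result means the tunnel was established and the handshake with the origin failed.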
[squid-users] Re: Squid 3.1 and https ssl aes256 issue
> It is most likely that your clients' browsers or SSL libraries are
> missing AES-256 support or are getting stuck negotiating to use a
> version of TLS/SSL which supports it.
>
> Amos

Ok, but if I turn off the proxy setting in clients and allow a direct connection to the internet, all works well. So I think there is something strange in my proxy machine/configuration that prevents some packets from flowing correctly through it.

Client-side, if I leave the proxy enabled and try to contact aes-256 sites, in netstat I can see the connection in SYN_SENT state, so I think that somewhere some packets are dropped...
[squid-users] Squid 3.1 and https ssl aes256 issue
Hi, this is my first post...

Last month I installed a Linux Ubuntu Server 12.04 LTS machine with Squid3 in my organization. This machine works as a proxy (not a transparent proxy) for web access from clients. The proxy is connected to a gateway for the internet connection. Clients are configured so that all web (http, https, ftp, socks) traffic goes through the Squid proxy.

All works fine, clients are able to access all types of internet traffic, including https sites encrypted with aes128 (like gmail, or https://www1.directatrading.com/). But no client is able to access sites encrypted with aes256 (like https://www.unicredit.it/)... the browser locks with "Connecting to https://www..." and nothing else is displayed in the browser itself.

I searched the net but I wasn't able to find a thread about this issue. squid.conf is the original one, I added only support for delay-pools and acls to deny some clients access to certain sites. But even with these options disabled, the problem is still present.

Does anyone have any idea?

Thank you.
Alex