On 04/23/2015 9:24 am, dweimer wrote:
I upgraded our Reverse proxy from 3.4.12 to 3.5.3 via the FreeBSD
ports last night. It has broken our Outlook RPC over HTTPS. OWA and
Phones are still connecting with Active Sync, its just the RPC for
Outlook anywhere that is broken.
Did anyone else have any issues when upgrading from 3.4 branch to 3.5
branch with Outlook RPC?
In case anyone else is having an issue, I found the solution. Which also
solved a long standing issue with larger file uploads through
OWA/ActiveSync/RPC, that we were having. I had to force the cache peer
to use SSLv3 instead of TLSv1.0 by adding sslversion=3 to the cache peer
line.
cache_peer 1.1.1.1 parent 443 0 ssl no-query proxy-only no-digest
originserver name=exchange2010_parent sslflags=DONT_VERIFY_PEER
login=PASSTHRU front-end-https=on connection-auth=on sslversion=3
The HTTPS port line is still enforcing TLSv1.0 or newer, with restricted
ciphers.
https_port 1.1.1.2:443 accel cert=... key=...
options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE
cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
