Hi,

I am currently running squid-cache in a hierarchy setup, with TLS enabled throughout.

client --> child Squid --> parent Squid --> web server

OpenSSL version: 1.0.2k

This setup is working for 3.5.20. But when I updated to Squid 4 (tried 4.8, 4.11 and 4.13), the initial HTTP request goes through, but TLS renegotiation is failing between the child and parent Squid for the following requests.

From the logs, it looks like the child Squid is trying to initialize TLS renegotiation using the old TLS session ID, but the parent Squid is rejecting session resumption. I confirmed this behavior using the openssl s_client --reconnect option.

I tried to disable client-initiated TLS renegotiation by setting tls-options=NO_TICKET (on the child Squid), but it is affecting the behavior.

Are there any changes in default TLS renegotiation behavior between Squid 3.5 and 4.x? Is there a way to disable the client (child Squid) initialized TLS renegotiation in Squid 4?

Thanks,
Manoj
