Re: [squid-users] RE: TLS v1.2 support

Thu, 15 Mar 2012 18:52:23 -0700 

On 16/03/2012 6:50 a.m., Sébastien WENSKE wrote:

Hi Amos,

I used your patch, but no change:

FATAL: Unknown SSL option 'NO_TLSv1_1'
Squid Cache (Version 3.1.19-20120306-r10434): Terminated abnormally.

With only NO_SSLv2
[...]
2012/03/15 18:40:52.513| Initializing https proxy context
2012/03/15 18:40:52.514| Using SSLv2/SSLv3.
2012/03/15 18:40:52.514| Setting RSA key generation callback.
2012/03/15 18:40:52.514| Setting certificate verification callback.
2012/03/15 18:40:52.514| Setting CA certificate locations.
2012/03/15 18:40:52.514| Initializing https_port 172.16.1.10:443 SSL context
2012/03/15 18:40:52.514| Using SSLv2/SSLv3.
2012/03/15 18:40:52.514| Enabling quiet SSL shutdowns (RFC violation).
2012/03/15 18:40:52.515| Using chiper suite 
ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM.
2012/03/15 18:40:52.515| Using certificate in xxxxxxxxxxxxxxxxxxxxxxxx
2012/03/15 18:40:52.515| Using private key in xxxxxxxxxxxxxxxxxxxxxxxx
2012/03/15 18:40:52.515| Comparing private and public SSL keys.
2012/03/15 18:40:52.515| Setting RSA key generation callback.
2012/03/15 18:40:52.515| Setting CA certificate locations.
2012/03/15 18:40:52.515| Not requiring any client certificates
2012/03/15 18:40:52.515| leave_suid: PID 3335 called
2012/03/15 18:40:52.515| leave_suid: PID 3335 giving up root, becoming 'proxy'
2012/03/15 18:40:52.515| command-line -X overrides: ALL,1

strange.... :)
Very. Are you sure there is no other development verion of OpenSSL hanging around whose header files Squid is using? That NO_TLSv1_1 should have been found by any 1.* OpenSSL version, even if the 1.2 was not present. 

Amos




-----Original Message-----
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: jeudi 15 mars 2012 14:03
To: Sébastien WENSKE
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] RE: TLS v1.2 support

On 16/03/2012 1:09 a.m., Sébastien WENSKE wrote:

Thanks Amos for your quick reply,

I tried your recommendations but nothing works, I can't get TLS 1.2 to
work

I get a 404 error on your patch link

Hmm. Something broken in our personal directory mirroring. Try "west" on that instead of 
"www".


Amos

Reply via email to