On 03.06.2012 22:23, alextouch wrote:
Hi

this is my first post... last month I installed a Linux Ubuntu Server 12.04 LTS machine with Squid3 in my organization. This machine works as a proxy (not transparent proxy) for the web access from clients. Proxy is connected to a gateway for internet connection. Clients are configured so that all web (http, https, ftp, socks) traffic goes through the squid proxy.

All works fine, clients are able to access all types of internet traffic, including https sites encrypted with aes128 (like gmail, or https://www1.directatrading.com/). But no client is able to access sites encrypted with aes256 (like https://www.unicredit.it/)... the browser locks with "Connecting to https://www......."; and nothing else is displayed on the browser itself.

I searched the net but I wasn't able to find a thread about this issue. squid.conf is the original one, I added only support for delay-pools and acls to deny some clients access to certain sites. But even with these options disabled, the problem is still present.

Does anyone have any idea?

In a standard setup like this, Squid has nothing to do with the SSL or TLS operations. The browser simply opens a CONNECT tunnel through Squid. The encryption details are negotiated directly between the browser and origin server.

It is most likely that your clients' browsers or SSL libraries are missing AES-256 support or are getting stuck negotiating to use a version of TLS/SSL which supports it.

Amos
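
Since the cipher negotiation happens end to end inside the CONNECT tunnel, one client-side check is to look at which AES-256 suites the client's TLS library actually puts in its ClientHello. The sketch below is an added example, not part of the original thread: it inspects the OpenSSL build that Python is linked against (not a browser's own TLS stack), performs no network I/O, and uses `example.invalid` as a placeholder server name.

```python
import ssl
import struct

# IANA IDs of common AES-256 cipher suites (a subset, not exhaustive).
AES256_SUITES = {
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC00A: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1302: "TLS_AES_256_GCM_SHA384",
}

def capture_client_hello(ctx, server_name="example.invalid"):
    """Return the first TLS record ctx would send; no network I/O happens."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake pauses until a ServerHello arrives
    return outgoing.read()

def offered_cipher_suites(record):
    """Parse the cipher suite IDs out of a raw ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    pos = 5 + 4 + 2 + 32        # record header, handshake header, version, random
    pos += 1 + record[pos]      # skip the session id
    if pos + 2 > len(record):
        raise ValueError("truncated ClientHello")
    (length,) = struct.unpack_from("!H", record, pos)
    end = pos + 2 + length
    if end > len(record) or length % 2:
        raise ValueError("malformed cipher suite list")
    return [struct.unpack_from("!H", record, i)[0] for i in range(pos + 2, end, 2)]

def aes256_offered(ctx):
    """Names of the AES-256 suites this context offers to a server."""
    ids = offered_cipher_suites(capture_client_hello(ctx))
    return [AES256_SUITES[i] for i in ids if i in AES256_SUITES]

if __name__ == "__main__":
    names = aes256_offered(ssl.create_default_context())
    print("AES-256 suites offered:", names or "none")
```

An empty result means the library would never negotiate AES-256 with any server, whether or not a proxy sits in between.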
