Re: [squid-users] SSLv3

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 16 Apr 2003 16:23:15 +0200

The SSL version is irrelevant when Squid is being used as a proxy. All
Squid knows about the SSL session is that the browser client X is having
a SSL session with host www.example.com on the internet, not which SSL
version or if it even is SSL...

Please note that due to technical reasons many browsers won't be able to
connect to SSLv3 ONLY web servers. Most browser by default connect using
SSLv2 and then negotiate the use of SSLv3 if available, but a SSLv3 ONLY
web server may not accept SSLv2 connections for good reasons..

ssldump may be able to tell you more information why the SSL sessions
fail. I do not think this is a Squid problem.

Regards
Henrik

tis 2003-04-15 klockan 18.36 skrev Marcelo Pereira da Silva:
> Hi there,
>
> Where can I explicity the version of SSL on Squid??
>
> I am using version 2.4 on RedHat 7.3. The squid.conf doesn't have the https_port clause to be configured, no I have no
> idea about changing the support to 1 (auto), 2 (SSLv2) or 3 (SSLv3).
>
> My problem is, all users have to authenticate, but they can access ``some'' HTTPS sites, while other HTTPS sites are not
> being accessed. These denied sites seens to be SSLv3, and I think my squid version doesn't suport it.
>
> Does anybody could help me??
>
> Regards,
>
> Marcelo Pereira
> Brazil

-- 
Free Squid-users support provided by Henrik Nordström <hno@squid-cache.org>
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid and
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Wed Apr 16 2003 - 08:23:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:00 MST