> that's a broken server which requires the initial client hello handshake to be SSL2
> compatible, but then requires an immediate protocol upgrade to SSL3 or
> TLSv1, but fails if the initial handshake is SSL3 or TLSv1. OpenSSL in
> somewhat current versions by default disables all use of SSLv2 due to
> numerous weaknesses in the SSLv2 protocol and is as a result normally
> sending an SSL3 client hello handshake.
>
> It's likely to hit problems with some newer browsers as well, as SSL/TLS
> security is being tightened up.
>
> A workaround is to set ciphers to 'ALL:!COMPLEMENTOFDEFAULT' which
> somehow magically enables SSLv2 again. But it's not a very good idea as
> it may also enable some SSLv2 related attacks.
>
> Regards
> Henrik
>
Henrik,
I have tried adding the line "sslproxy_cipher ALL:!COMPLEMENTOFDEFAULT"
instead of specifying it in the http_port line.
It's still failing negotiation on the abbeynational request.
Any help would be much appreciated.
Thanks
Alex
Received on Sat Feb 11 2012 - 10:34:59 MST
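
The two hello framings discussed in the quoted reply can be told apart from the first bytes a client sends, which helps confirm what a proxy is actually offering when a capture of the failed negotiation is available. This is an added example, not part of the original thread or of Squid or OpenSSL; the function name and the sample byte strings are constructed for illustration.

```python
# Added example: classify the framing of a client hello from its first bytes.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_hello(data):
    """Return (framing, offered_version) for the start of a client hello."""
    if len(data) < 5:
        return ("truncated", None)
    # SSLv3/TLS framing: 5-byte record header (type 0x16 = handshake,
    # 2-byte record version, 2-byte length), then a 4-byte handshake header
    # (type 0x01 = ClientHello, 3-byte length), then client_version.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11:
            return ("truncated", None)
        if data[5] != 0x01:
            return ("unrecognised", None)
        return ("ssl3-tls-record", VERSIONS.get((data[9], data[10]), "unknown"))
    # SSLv2 framing: 2-byte header with the high bit set, message type 0x01
    # (CLIENT-HELLO), then the highest protocol version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        return ("sslv2-compatible", VERSIONS.get((data[3], data[4]), "unknown"))
    return ("unrecognised", None)

# Constructed sample: SSLv2-framed hello offering TLSv1.0 (header fields only).
SSL2_COMPAT_HELLO = bytes.fromhex("802e010301001500000010")
# Constructed sample: SSLv3-framed ClientHello with client_version 3.0.
SSL3_RECORD_HELLO = bytes.fromhex("160300002d010000290300")

if __name__ == "__main__":
    for name, sample in (("ssl2-compatible", SSL2_COMPAT_HELLO),
                         ("ssl3 record", SSL3_RECORD_HELLO)):
        print(name, "->", classify_hello(sample))
```

A server of the kind described in the quoted reply would accept only hellos that classify as `sslv2-compatible`, while a client with SSLv2 disabled sends the `ssl3-tls-record` form.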