SSL / TLS

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL / TLS

Squid users-2

Slightly off topic but am I correct in thinking TLS supersedes SSL?


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL / TLS

Antony Stone
On Thursday 20 December 2018 at 11:06:58, Squid users wrote:

> Slightly off topic but am I correct in thinking TLS supersedes SSL?

Short answer: yes.

Long answer: https://en.wikipedia.org/wiki/Transport_Layer_Security


Antony.

--
#define SIX 1+5
#define NINE 8+1

int main() {
    printf("%d\n", SIX * NINE);
}
        - thanks to ECB for bringing this to my attention

                                                   Please reply to the list;
                                                         please *don't* CC me.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: SSL / TLS

Alex Rousskov
In reply to this post by Squid users-2
On 12/20/18 3:06 AM, Squid users wrote:
> Slightly off topic but am I correct in thinking TLS supersedes SSL?

Yes, the protocol name has changed. Newer versions are called TLS.

However, please keep in mind that the term "SSL" is commonly used to
describe "secure" connections and related technologies, regardless of
the specific protocol being used for that security. Squid still uses
that classic "SSL" terminology, especially in old documentation and
code. In most cases where exact identifiers are not required, the
letters "SSL" and "TLS" are used interchangeably.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Squid 4.4 + sslbump cannot open specific URL: ESI Processing failed

Schroeffu
In reply to this post by Antony Stone
Hi all,

I am getting the following error while opening https://www.hawesko.de with Squid 4.4 and sslbump.
Deactivate bumping makes the error disappear.

Error:
----------
The following error was encountered while trying to retrieve the URL: https://www.hawesko.de

ESI Processing failed.

The ESI processor returned:

esiProcess: Parse error at line 1:
not well-formed (invalid token)
This means that the surrogate was not able to process the ESI template. Please report this error to
the webmaster.
-----------

The only "special" thing I see is, this target website is using a wildcard certificate.

Anyone else can reproduce the issue with its squid 4.4 and sslbump?

Many Regards!
Schroeffu
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Squid 4.4 + sslbump cannot open specific URL: ESI Processing failed

Amos Jeffries
Administrator
On 22/12/18 4:42 am, [hidden email] wrote:

> Hi all,
>
> I am getting the following error while opening https://www.hawesko.de with Squid 4.4 and sslbump.
> Deactivate bumping makes the error disappear.
>
> Error:
> ----------
> The following error was encountered while trying to retrieve the URL: https://www.hawesko.de
>
> ESI Processing failed.
>

<https://bugs.squid-cache.org/show_bug.cgi?id=4880>

A quick check confirms the server is producing ESI Surrogate headers
without having been asked and without the content actually being ESI. It
is a known bug that SSL-Bump enables the ESI logic. A patch can be found
at <https://github.com/squid-cache/squid/pull/304>

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users