proxy with ssl, support TLS v1.2 instead of SSLv2/3
Brought to you by:
supersandro2000,
wimpunk
Menu
▾
▴
#95 proxy with ssl, support TLS v1.2 instead of SSLv2/3
We have a firewall and also have a squid setup as http proxy. When ddclient configured to use proxy with ssl, it always failed to connect squid since Perl module reported error of SSL23 saw unknown protocol.
We assume this could be caused by issue of not supporting TLS v1.2.
DEBUG: proxy = http://squid:911
DEBUG: url = https://api.cloudflare.com/client/v4/zones?name=XXX
DEBUG: server = api.cloudflare.com
CONNECT: api.cloudflare.com via proxy squid:911
WARNING: cannot connect to squid:911 socket: SSL connect attempt failed error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol SSL connect attempt failed error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
FAILED: updating XXX: Could not connect to api.cloudflare.com/client/v4.
Then, we tried to setup squid to support https_port in additional to http_port. (Let see how make things better later)
DEBUG: .../IO/Socket/SSL.pm:2700: new ctx 22412896
DEBUG: .../IO/Socket/SSL.pm:612: socket not yet connected
DEBUG: .../IO/Socket/SSL.pm:614: socket connected
DEBUG: .../IO/Socket/SSL.pm:636: ssl handshake not started
DEBUG: .../IO/Socket/SSL.pm:669: using SNI with hostname XXX
DEBUG: .../IO/Socket/SSL.pm:704: request OCSP stapling
DEBUG: .../IO/Socket/SSL.pm:723: set socket to non-blocking to enforce timeout=120
DEBUG: .../IO/Socket/SSL.pm:736: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:739: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:749: ssl handshake in progress
DEBUG: .../IO/Socket/SSL.pm:759: waiting for fd to become ready: SSL wants a read first
DEBUG: .../IO/Socket/SSL.pm:779: socket ready, retrying connect
DEBUG: .../IO/Socket/SSL.pm:736: call Net::SSLeay::connect
DEBUG: .../IO/Socket/SSL.pm:739: done Net::SSLeay::connect -> -1
DEBUG: .../IO/Socket/SSL.pm:742: SSL connect attempt failed
DEBUG: .../IO/Socket/SSL.pm:742: local error: SSL connect attempt failed error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
DEBUG: .../IO/Socket/SSL.pm:745: fatal SSL error: SSL connect attempt failed error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
DEBUG: ...5.22/IO/Socket.pm:48: ignoring less severe local error 'IO::Socket::IP configuration failed', keep 'SSL connect attempt failed error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol'
DEBUG: .../IO/Socket/SSL.pm:2733: free ctx 22412896 open=22412896
DEBUG: .../IO/Socket/SSL.pm:2738: free ctx 22412896 callback
DEBUG: .../IO/Socket/SSL.pm:2745: OK free ctx 22412896