Re: ssl isues are Eating me alive.
- Date: Thu, 13 Apr 2017 21:04:01 +0100
- From: Darac Marjal <mailinglist@xxxxxxxxxxxx>
- Subject: Re: ssl isues are Eating me alive.
It looks like Squid can do SSL Interception. I imagine it should be
possible, therefore, for squid to perform the HTTPS connection and
either downgrade it to HTTP or to re-encrypt it with a lower grade. YMMV
On 13/04/17 18:01, Greg Wooledge wrote:
> On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote:
>> This started out a year or so ago with the occasional site in
>> which lynx would report that it was unable to establish a TLS
>> connection with this or that site. [...]
> It's not just lynx. It's EVERY single terminal-based browser, and
> as you noticed, it gets worse every day.
> Apparently all of the terminal-based browsers in wheezy and jessie are
> linked with libgnutls instead of libopenssl, and libgnutls (at least as
> provided by jessie) is completely incapable of forming an SSL connection
> with half of the Web.
> Every time someone in IRC pastes an https://* link, it's a roll of the
> dice whether I'll be able to open it in elinks. https://paste.debian.net/
> is one example of a site that does not work. If you remove the 's'
> and just go to http://paste.debian.net/ it's fine.
> Most other paste sites don't offer a working option like that.