Your fastcgi-process is not accessible by nginx, either too slow or not corresponding at all.

15208#0: *3 recv() failed (104: Connection reset by peer) while reading response header from.

This issue is new to me; I was using nginx+hhvm and nothing like this for over 2 months.

Can you confirm/deny a change of visitors-count around that day?

11:42:47 3918#0: *52 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: A.B.C.D, server:, request: 'GET php-fpm (php7).

What is the uptime of your fastcgi/nginx process?

I'd always trust if my webservers are telling me: 502 Bad Gateway

So it works with TLSv1 if you don't include all ciphers openssl has :( – Jun 13 '14 at 12:10

It looks like there is a broken load balancer in front which cannot deal with larger client hellos (known problem with older F5). And I don't use squid myself, so I cannot send you the config.

As for usc-excel. So you have to find out which hosts cause problems, set up an acl 'brokensites' and do 'ssl_bump none brokensites' as described in the documentation. There are no ACLs for exceptions, there are ACLs for hosts.

Make explicit exceptions for these servers, so that they don't get SSL bumped. If they cannot even update their servers to recent TLS versions they have probably a lot more security problems. Don't use servers which cannot deal with modern TLS. This is bad for security and will probably cause other problems, when servers refuse to connect with SSLv3 for security reasons. Downgrade everything to SSLv3 like you propose. I don't think squid implements any logic to automatically retry and SSL downgrade if the connection failed.

Now I know openssl doesn't automatically handle that. My question: is there a better way to do this which does not involve enforcing SSLv3 for servers supporting TLS1 or better? Sites which should work:, As a workaround I have set sslproxy_version=3, which enforces SSLv3 and above sites work.
I'm getting the dreaded Error 54, Connection reset by peer when trying to do a POST to a URL with a payment provider I'm using.

Now it works for most sites, but some sites which support old SSL proto (sslv3) break, and I see squid not employing any workarounds for those like browsers do. I am setting proxy in firefox (29) to use squid for https/http. Thanks.

I have configured squid (3.4.2) as ssl bumped proxy.

Important: I have this question on stackoverflow but somebody told me this is more relevant place for this question.