Re: ssl isues are Eating me alive.

[Darac Marjal <mailinglist@darac.org.uk>]

It looks[1] like Squid can do SSL Interception. I imagine it should be
possible, therefore, for squid to perform the HTTPS connection and
either downgrade it to HTTP or to re-encrypt it with a lower grade. YMMV


[1] http://wiki.squid-cache.org/Features/HTTPS

On 13/04/17 18:01, Greg Wooledge wrote:
> On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote:
>> This started out a year or so ago with the occasional site in
>> which lynx would report that it was unable to establish a TLS
>> connection with this or that site. [...]
> It's not just lynx.  It's EVERY single terminal-based browser, and
> as you noticed, it gets worse every day.
>
> Apparently all of the terminal-based browsers in wheezy and jessie are
> linked with libgnutls instead of libopenssl, and libgnutls (at least as
> provided by jessie) is completely incapable of forming an SSL connection
> with half of the Web.
>
> Every time someone in IRC pastes an https://* link, it's a roll of the
> dice whether I'll be able to open it in elinks.  https://paste.debian.net/
> is one example of a site that does not work.  If you remove the 's'
> and just go to http://paste.debian.net/ it's fine.
>
> Most other paste sites don't offer a working option like that.
>