Re: ssl isues are Eating me alive.

2017-04-17 Thread Sven Hoexter
On Sat, Apr 15, 2017 at 08:11:13PM +0300, Reco wrote: Hi, > AFAIK jessie is the last Debian release that provides curl linked with > openssl. We've three flavour of libcurl in the archive and the current "default" is the one linked against openssl. libcurl3 - easy-to-use client-side URL transfer

Re: ssl isues are Eating me alive.

2017-04-17 Thread Sven Hoexter
On Thu, Apr 13, 2017 at 09:04:01PM +0100, Darac Marjal wrote: > It looks[1] like Squid can do SSL Interception. I imagine it should be > possible, therefore, for squid to perform the HTTPS connection and > either downgrade it to HTTP or to re-encrypt it with a lower grade. YMMV Well automatic down

Re: ssl isues are Eating me alive.

2017-04-15 Thread Reco
Hi. On Sat, 15 Apr 2017 15:14:29 + (UTC) david...@freevolt.org wrote: > On Fri, 14 Apr 2017, Reco wrote: > > > Hi. > > > > On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote: > >> On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: > >>> This started out

Re: ssl isues are Eating me alive.

2017-04-15 Thread davidson
On Fri, 14 Apr 2017, Reco wrote: Hi. On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote: On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: This started out a year or so ago with the occasional site in which lynx would report that it was unable to establish a

Re: ssl isues are Eating me alive.

2017-04-14 Thread Reco
Hi. On Thu, Apr 13, 2017 at 01:01:24PM -0400, Greg Wooledge wrote: > On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: > > This started out a year or so ago with the occasional site in > > which lynx would report that it was unable to establish a TLS > > connection with thi

Re: ssl isues are Eating me alive.

2017-04-13 Thread Martin McCormick
Greg Wooledge writes: > Apparently all of the terminal-based browsers in wheezy and jessie are > linked with libgnutls instead of libopenssl, and libgnutls (at least as > provided by jessie) is completely incapable of forming an SSL connection > with half of the Web. > > Every time someone in IRC

Re: ssl isues are Eating me alive.

2017-04-13 Thread Darac Marjal
It looks[1] like Squid can do SSL Interception. I imagine it should be possible, therefore, for squid to perform the HTTPS connection and either downgrade it to HTTP or to re-encrypt it with a lower grade. YMMV [1] http://wiki.squid-cache.org/Features/HTTPS On 13/04/17 18:01, Greg Wooledge wrote

Re: ssl isues are Eating me alive.

2017-04-13 Thread Greg Wooledge
On Thu, Apr 13, 2017 at 11:54:32AM -0500, Martin McCormick wrote: > This started out a year or so ago with the occasional site in > which lynx would report that it was unable to establish a TLS > connection with this or that site. [...] It's not just lynx. It's EVERY single terminal-based browser