Mike Lothian

I know I sound like a broken record, but I would like to get this fixed upsteam, we've been using the original fix from https://github.com/squid-cache/squid/pull/947 for over a year to...

Gentoo: FireBurn Overlay I've added pba as a use flag to the wine-any-3.3.ebuild in my overlay

This is the script I'm using to build HAProxy with WolfSSL: ``` HAPROXY_VERSION=3.0.0 LUA_VERSION=5.4.6 WOLFSSL_VERSION=5.7.0 # Keep a note of the current working directory export JENKINS_DIR=$(pwd) export PREFIX=${JENKINS_DIR}/apps/haproxy export HAPROXY_BRANCH=${HAPROXY_VERSION:0:3}...

Here's the openssl output with HAProxy built with WolfSSL: ``` openssl s_client -tls1_2 -connect server:10083 CONNECTED(00000005) depth=2 redacted verify error:num=19:self signed certificate in certificate chain verify return:0 write W BLOCK...

> So I made more tests, and this look like the "ciphers" directive of WolfSSL is impacting the ciphersuites, that's why you can't match ciphers with TLSv1.3. > > ```...

I've recompiled with https://github.com/haproxy/haproxy/commit/711338e1ceb061db0a5c832acdea8edbeafa712f and using just --enable-haproxy and --enable-quic same results - tls1.3 still shows up, tls 1.2 (or lower) doesn't sslscan is our goto tool for checking ciphersuites...

Spotted this warning, it's probably unrelated though: ``` src/session.c: In function ‘session_kill_embryonic’: src/session.c:393:10: warning: null pointer dereference [-Wnull-dereference] if (conn->err_code == CO_ER_SSL_HANDSHAKE && ssl_ctx && ssl_ctx->error_code != 0) { ~~~~^~~~~~~~~~...

There's defiantly issues, I swapped the binaries over and saw the BADREQ in the logs and things simply weren't working, that's when I used sslscan - which I assumed was...

Try my fork. The work was done by @uubk I added a few commits to make it work for me

Nope, I've not needed it for docker