Hacker News new | past | comments | ask | show | jobs | submit login

The only caveat I’ve found so far is that a number of browsers and especially corporate proxies do not support the certificates and SSL protocols used by CloudFlare

Which browsers and which proxies?




Wow, hello! So far it seems like the McAfee corporate products are the most common failures. I deal with about 20 calls a day within my company and from what I've heard this isn't a unique experience. The versions our security team use are probably about 3 years out of date but the new cloud product they're migrating to has shown similar symptoms where the connection fails and the client shows a standard 'Server Failed to Connect's. The team managing the existing proxy had provided some connection logs, I'll try and dig them out.


Found them. The comments from the security team suggest the (admittedly out of date) proxy appliance can’t handle the combination of modern TLS ciphers, H/2 and multiple hosts on a SAN cert, and in this scenario, results in a connection failure that from the end user perspective looks like a site issue. In the case of the new cloud service, the problem is specifically related to the new TLS versions and long lived connections, but which I haven’t been able to recreate from the corporate Akamai setup with the same site behind it. Small sample size though...


Thanks. Mind emailing me details? jgc @ cloudflare . com.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: