
Wow, hello! So far it seems like the McAfee corporate products are the most common failures. I deal with about 20 calls a day within my company and from what I've heard this isn't a unique experience. The versions our security team use are probably about 3 years out of date but the new cloud product they're migrating to has shown similar symptoms where the connection fails and the client shows a standard 'Server Failed to Connect'. The team managing the existing proxy had provided some connection logs; I'll try and dig them out.



Found them. The comments from the security team suggest the (admittedly out-of-date) proxy appliance can’t handle the combination of modern TLS ciphers, H/2 and multiple hosts on a SAN cert, and, in this scenario, results in a connection failure that from the end user perspective looks like a site issue. In the case of the new cloud service, the problem is specifically related to the new TLS versions and long-lived connections, which I haven’t been able to recreate from the corporate Akamai setup with the same site behind it. Small sample size though...


Thanks. Mind emailing me details? jgc @ cloudflare . com.



