[squid-users] Some websites doesn't work with squid anymore

Yuri yvoinov at gmail.com
Mon Jun 27 14:40:33 UTC 2016


Forgot about it: while testing reddit connectivity via squid, squid
itself got errors in cache.log:

2016/06/27 20:37:21 kid1| Error negotiating SSL on FD 7: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2016/06/27 20:37:22 kid1| Error negotiating SSL on FD 10: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2016/06/27 20:37:36 kid1| Error negotiating SSL on FD 7: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2016/06/27 20:37:51 kid1| Error negotiating SSL on FD 7: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2016/06/27 20:38:06 kid1| Error negotiating SSL on FD 7: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2016/06/27 20:38:21 kid1| Error negotiating SSL on FD 7: error:00000000:lib(0):func(0):reason(0) (5/0/0)

Of course, this can be bug 4497. But it is not visible to anyone except me. :)

27.06.2016 20:32, Amos Jeffries wrote:
> [ Please reply to the mailing list. I don't do private support except for
> paying customers. And you have not arranged for that in advance. ]
>
> On 28/06/2016 2:06 a.m., Adam Wright wrote:
>> - Ok, ISP will see my http traffic, but will the ISP see which websites I'm
>> surfing?
> If anyone can see HTTP traffic they can see what the traffic is about.
>
>
>> - Browser is using the proxy. But access.log only shows the websites which
>> the browser connected successfully. For example I see cisco.com which I
>> entered minutes ago for Yuri.
>>
>> 1467035091.072  15004 85.107.208.29 TCP_MISS/200 246 CONNECT
>> supportforums.cisco.com:443 yeni DIRECT/141.101.115.192
> The proxy log records every transaction through the proxy, at the time
> that transaction completed. Whether it succeeded or not. Anything that
> gets started is prone to being logged.
>
> In the case above it was a CONNECT tunnel transferring some TLS wrapped
> protocol - probably HTTPS, SPDY or WebSockets on port 443. It took
> 15.004 seconds to do whatever took 246 bytes to transfer.
>
> So nothing in the log indicates either the browser is *not* using the
> proxy for those transactions, or they are still ongoing as far as Squid
> is concerned.
>
> It could be a case of the browser using SPDY, QUIC or WebSockets protocols
> instead of HTTP inside a TLS tunnel, or directly without the proxy.
> Particularly if Chrome is involved.
>
> The case of ongoing connections is unfortunate. You can tune Squid
> timeouts somewhat to make the proxy more sensitive and do its failover
> to working destinations faster. But otherwise it's a browser-specific
> problem that can only be fixed by the browser.
>
> It might be that whatever was happening inside that tunnel above got
> stuck and timed out. To Squid the tunnel is opaque, so any type of error
> in there is strictly between the browser and server.
>
> The tiny size on that log entry makes me suspect it's the TLS handshake
> hanging and a 15sec timeout somewhere closes it down. If so the issue is
> not Squid, it's whatever in the server or browser is causing the TLS to hang.
>
>> - Right now I'm using maxthon, it also says "Error code 101
>> (net::ERR_CONNECTION_RESET)" while I try to connect to those xxx websites.
>>
> That seems to mean the proxy is closing the connection. But that would
> mean the proxy is aware of it ending and records in the log what
> transaction finished with aborting the connection.
>
> If there is no log record, that's a very strong sign that the browser is not
> using the proxy for that request.
>
> Amos
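Added example, not code from any participant in this thread: a small Python check that applies the reading of access.log given in the quoted reply, flagging CONNECT tunnels that stayed open a long time while moving almost no data, and listing hosts that have no log record at all. The thresholds and function names are assumptions; only the first sample line comes from the thread, the rest are constructed.

```python
from collections import namedtuple
from urllib.parse import urlsplit

Entry = namedtuple("Entry", "ts elapsed_ms client result status size method url user hier")

# First line is the entry quoted in the thread; the other three are constructed samples.
SAMPLE_LOG = """\
1467035091.072  15004 85.107.208.29 TCP_MISS/200 246 CONNECT supportforums.cisco.com:443 yeni DIRECT/141.101.115.192
1467035120.500   2310 192.0.2.10 TCP_MISS/200 48211 CONNECT www.example.org:443 yeni DIRECT/198.51.100.7 -
1467035150.100  60001 192.0.2.10 TCP_MISS/200 0 CONNECT stalled.example.net:443 yeni DIRECT/198.51.100.9 -
1467035160.250    120 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/ yeni DIRECT/198.51.100.8 text/html
"""

def parse_line(line):
    """Parse one line of Squid's native access.log format; None if malformed."""
    f = line.split()
    if len(f) < 9 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    try:
        return Entry(float(f[0]), int(f[1]), f[2], result, int(status),
                     int(f[4]), f[5], f[6], f[7], f[8])
    except ValueError:
        return None

def entries(log_text):
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def suspect_tunnels(log_text, min_ms=10_000, max_bytes=1024):
    """CONNECT tunnels open for a long time with very few bytes transferred.
    Thresholds are assumptions; the tunnel is opaque to Squid, so this only
    points at a likely stalled handshake between browser and server."""
    return [e for e in entries(log_text)
            if e.method == "CONNECT" and e.elapsed_ms >= min_ms and e.size <= max_bytes]

def never_logged(log_text, hosts):
    """Hosts with no record: the request bypassed the proxy, or the transaction
    is still open (Squid writes the entry when the transaction completes)."""
    seen = set()
    for e in entries(log_text):
        # CONNECT targets are host:port; other methods carry a full URL.
        seen.add(urlsplit(e.url if "://" in e.url else "//" + e.url).hostname)
    return sorted(h for h in set(hosts) if h.lower() not in seen)

if __name__ == "__main__":
    for e in suspect_tunnels(SAMPLE_LOG):
        print(f"{e.url}: {e.size} bytes in {e.elapsed_ms / 1000:.1f}s via {e.hier}")
    print("no log record:", never_logged(SAMPLE_LOG, ["www.example.org", "blocked.example.test"]))
```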