[squid-users] SSL TAG_NONE/503 errors

Alex Rousskov rousskov at measurement-factory.com
Wed Dec 6 19:21:56 UTC 2017


On 12/06/2017 12:06 PM, Hugo Saavedra wrote:
> 2017/12/06 16:02:37 kid1| Error negotiating SSL connection on FD 61:
> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> (1/0)

You may be able to fix this problem by updating your collection of
public CA certificates. Squid uses CA certificates to validate
certificates presented by origin servers. You may be able to confirm
that your collection is stale and know more (e.g., which CA certificate
is unknown) if you can map the above error to an access.log entry that
would give you the origin server name to interrogate.

Similar reasoning applies to other SSL-related cache.log errors as well,
but troubleshooting them may require more effort (e.g., starting with
higher debugging levels and/or packet captures).

Alex.
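
The cache.log-to-access.log mapping described above, as an added example that is not part of the original message or of Squid itself. It assumes Squid's default native access.log format and cache.log timestamps at a known UTC offset; the log lines, host names, addresses and the 2-second matching window are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample logs; hosts and addresses are placeholders, not from the thread.
CACHE_LOG = """\
2017/12/06 16:02:37 kid1| Error negotiating SSL connection on FD 61: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0)
2017/12/06 16:05:10 kid1| (constructed unrelated line)
"""
ACCESS_LOG = """\
1512576100.120    310 192.0.2.10 TCP_TUNNEL/200 5120 CONNECT ok.example.net:443 - HIER_DIRECT/198.51.100.7 -
1512576157.482     95 192.0.2.10 TAG_NONE/503 0 CONNECT stale-ca.example.org:443 - HIER_NONE/- -
1512576300.001     80 192.0.2.11 TAG_NONE/503 0 CONNECT other.example.com:443 - HIER_NONE/- -
"""

ERR_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \S+ "
                    r"Error negotiating SSL connection on FD \d+: (.*)$")

def ssl_errors(cache_log, utc_offset_hours=0):
    """Yield (epoch_seconds, error_text) for each SSL negotiation error."""
    tz = timezone(timedelta(hours=utc_offset_hours))  # assumed cache.log time zone
    for line in cache_log.splitlines():
        m = ERR_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            yield ts.replace(tzinfo=tz).timestamp(), m.group(2)

def failed_requests(access_log):
    """Yield (epoch_seconds, target) for TAG_NONE/503 entries."""
    for line in access_log.splitlines():
        f = line.split()
        if len(f) >= 7 and f[3] == "TAG_NONE/503":
            yield float(f[0]), f[6]

def correlate(cache_log, access_log, window=2.0, utc_offset_hours=0):
    """Return [(error_text, [candidate targets])], matching by timestamp."""
    reqs = list(failed_requests(access_log))
    result = []
    for ts, err in ssl_errors(cache_log, utc_offset_hours):
        targets = sorted({t for e, t in reqs if abs(e - ts) <= window})
        result.append((err, targets))
    return result

if __name__ == "__main__":
    for err, targets in correlate(CACHE_LOG, ACCESS_LOG):
        print(err, "->", ", ".join(targets) or "no access.log match")
```

Each candidate target can then be interrogated, for instance with `openssl s_client -connect host:443 -showcerts`, to see the certificate chain it presents.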

