[squid-users] Default host_verify_strict behavior appears to have changed as of 3.5.25

steveno soakley at expedia.com
Wed Feb 7 18:23:17 UTC 2018


OK, this may be irrelevant to the "host_verify_strict" setting; it's just that when
I looked at messages like "2018/02/07 17:57:45 kid1| SECURITY ALERT: on
URL: sqs.us-west-2.amazonaws.com:443" in the cache.log, it led me to believe
this was a feature of "RFC 2616 section 14.23" and that the default setting
of host_verify_strict off would log these errors and allow access to these
sites.

On 3.5.20 the access log appeared to have very few 409 status returns.

Since going to 3.5.25, and now 3.5.27 in case recent changes fixed the
behavior I was seeing, there are many 409 statuses returned in the logs and
many more SSL issues talking to sites like AWS that use a number of IP
addresses that might not be able to be verified.

It seems either I use 3.5.20 and restart squid when the FDs get close to
maximum, or I have these SSL problems with client connections. What is needed
to try and investigate this further, as it appears to have changed with the
bug fix 4508?

Thanks.

Steve.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html

