[squid-users] Squid fails to bump where there are too many DNS names in SAN field

Ahmad, Sarfaraz Sarfaraz.Ahmad at deshaw.com
Wed Sep 5 08:37:35 UTC 2018


Tested with Squid-4.2 and ended with the same results.
How do we proceed here?


-----Original Message-----
From: Alex Rousskov <rousskov at measurement-factory.com> 
Sent: Tuesday, September 4, 2018 9:14 PM
To: Ahmad, Sarfaraz <Sarfaraz.Ahmad at deshaw.com>; squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid fails to bump where there are too many DNS names in SAN field

On 09/04/2018 02:00 AM, Ahmad, Sarfaraz wrote:

> 2018/09/04 12:45:46.112 kid1| 24,5| BinaryTokenizer.cc(47) want: 520 more bytes for Handshake.msg_body.octets occupying 16900 bytes @90 in 0xfa4d70;
> 2018/09/04 12:45:46.112 kid1| 83,5| PeerConnector.cc(451) noteWantRead: local=10.240.180.31:43716 remote=103.243.13.183:443 FD 15 flags=1


Translation: Squid did not read enough data from the server to finish
parsing TLS server handshake. Squid needs to read at least 520 more
bytes from FD 15.


> Later on after about 10 secs

> 2018/09/04 12:45:58.124 kid1| 83,5| bio.cc(140) read: FD 12 read 0 <= 65535

And end-of-file on the wrong/different connection.


My recommendations remain the same, but please follow Amos' advice and
upgrade to the latest v4 first.

Please note that I do _not_ recommend analyzing ALL,9 logs. On average,
such analysis by non-developers wastes more time than it saves.

Alex.

