[squid-users] SSL negotiation errors on https_port

Alex Rousskov rousskov at measurement-factory.com
Thu Oct 17 21:32:50 UTC 2019

On 10/17/19 4:52 PM, Robert wrote:

> I see many lines like these in the cache.log file:

> 2019/10/17 22:38:33.552 kid1| Error negotiating SSL connection on FD 44: error:00000001:lib(0):func(0):reason(1) (1/-1)

OpenSSL refused to accept a TLS client connection with a generic

    A non-recoverable, fatal error in the SSL library occurred, usually
    a protocol error.  The OpenSSL error queue contains more information
    on the error.

AFAICT, Squid does not have the code to examine OpenSSL error queue
beyond the surface level (shown in your cache.log), but that does not
mean there is actually more information in that queue in your particular
case. Said that, quality pull requests (or sponsorship for) adding deep
error queue inspection support are welcomed.

I trust there are no other potentially relevant ERRORs and WARNINGs in
your cache.log.

It sounds like you can trivially reproduce the problem. If so, a capable
developer with access to your box should be able to triage it further.

> Is it just related to the ssl handshake and not to worry about?

It is most likely related to the SSL handshake. FWIW, I would worry
about it because it should not be happening under normal conditions.



More information about the squid-users mailing list