[squid-users] Error negotiating SSL connection on FD 366 - cache.log

[Alex Rousskov]

On 6/30/21 6:41 AM, robert k Wild wrote:

> never really noticed this as i rarely "tail -f" the cache log but im
> noticing these lines like every second

> 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 266:
> error:00000001:lib(0):func(0):reason(1) (1/-1)
> 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 270:
> error:00000001:lib(0):func(0):reason(1) (1/-1)
> 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 285:
> error:00000001:lib(0):func(0):reason(1) (1/0)

> is this something to be worried about

IMHO, you should worry about two things, at least:

1) The fact that you did not know about Squid complaints, especially
frequent ones. I do not think that constantly watching "tail -f" is the
answer here, but something in your Squid administration approach should
change to prevent similar lack of problem awareness in the future.

2) The fact that your Squid is complaining about something every second.
If the actual problem behind these errors does not deserve your
attention, then Squid should not be logging it at level 1 (and you
should complain that it does). Otherwise, the problem itself should be
addressed.

As for the error itself, it looks like your Squid cannot negotiate TLS
with some client(s). I do not know whether it is Squid's fault or the
client's. Enabling "ALL,9" debugging for a few seconds should be
sufficient to identify the client (at least by its IP address), which
may be enough to understand why the negotiation fails (or to give you
enough information to collect more details for triage).


HTH,

Alex.