[squid-users] Error negotiating SSL connection on FD 366 - cache.log
robert k Wild
robertkwild at gmail.com
Wed Jun 30 15:48:39 UTC 2021
Thanks Alex,
How do I enable all 9 debugging to find out what client ip it is thats
sending all these tls errors.
There's a lot of mac/pcs that are connected to this squid server and I have
added the myca.der file to there machines as I'm doing ssl bumping.
Thanks,
Rob
On Wed, 30 Jun 2021, 16:16 Alex Rousskov, <rousskov at measurement-factory.com>
wrote:
> On 6/30/21 6:41 AM, robert k Wild wrote:
>
> > never really noticed this as i rarely "tail -f" the cache log but im
> > noticing these lines like every second
>
> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 266:
> > error:00000001:lib(0):func(0):reason(1) (1/-1)
> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 270:
> > error:00000001:lib(0):func(0):reason(1) (1/-1)
> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 285:
> > error:00000001:lib(0):func(0):reason(1) (1/0)
>
> > is this something to be worried about
>
> IMHO, you should worry about two things, at least:
>
> 1) The fact that you did not know about Squid complaints, especially
> frequent ones. I do not think that constantly watching "tail -f" is the
> answer here, but something in your Squid administration approach should
> change to prevent similar lack of problem awareness in the future.
>
> 2) The fact that your Squid is complaining about something every second.
> If the actual problem behind these errors does not deserve your
> attention, then Squid should not be logging it at level 1 (and you
> should complain that it does). Otherwise, the problem itself should be
> addressed.
>
> As for the error itself, it looks like your Squid cannot negotiate TLS
> with some client(s). I do not know whether it is Squid's fault or the
> client's. Enabling "ALL,9" debugging for a few seconds should be
> sufficient to identify the client (at least by its IP address), which
> may be enough to understand why the negotiation fails (or to give you
> enough information to collect more details for triage).
>
>
> HTH,
>
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210630/dffd486b/attachment.htm>
More information about the squid-users
mailing list