[squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9

sachin gupta sachin1.g at gmail.com
Thu May 25 15:20:31 UTC 2023 

Hi All

We are migrating for squid 4.15 to squid 5.9. We are running our existing
test suite to check if we pass our sanity testing.

For requests in transparent mode, though request passes and client get 200,
in squid logs we are getting TCP_TUNNEL/500. We were not getting this issue
with squid 4.15.

*Client logs*

curl -v https://origin/cache/0

*   Trying 10.80.96.68:443...

* TCP_NODELAY set

* Connected to origin (10.80.96.68) port 443 (#0)

* ALPN, offering h2

* ALPN, offering http/1.1

* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH

* successfully set certificate verify locations:

*   CAfile: /etc/pki/tls/certs/ca-bundle.crt

  CApath: none

* TLSv1.2 (OUT), TLS header, Certificate Status (22):

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server key exchange (12):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA

* ALPN, server did not agree to a protocol

* Server certificate:

*  subject: C=US; ST=CA; L=SF; O=SFDC;
OU=0:ns.tester;1:mvp;2:mist51;3:na44;4:dev1; CN=origin

*  start date: Jul 26 06:59:41 2022 GMT

*  expire date: Jul 26 06:59:41 2023 GMT

*  subjectAltName: host "origin" matched cert's "origin"

*  issuer: C=US; ST=CA; L=SF; O=SFDC; OU=Edge; CN=ca

*  SSL certificate verify ok.

> GET /cache/0 HTTP/1.1

> Host: origin

> User-Agent: curl/7.67.0

> Accept: */*

>

* Mark bundle as not supporting multiuse

< HTTP/1.1 200 OK

< Server: origin

< Date: Thu, 25 May 2023 15:08:57 GMT

< Connection: close

< Content-Type: application/json

< Content-Length: 162

< Cache-Control: public, max-age=0

< Access-Control-Allow-Origin: *

< Access-Control-Allow-Credentials: true

<

{"args":{},"headers":{"Accept":"*/*","Host":"origin","User-Agent":"curl/7.67.0","X-Origin-Server":"origin"},"origin":"10.80.96.3","url":"
https://origin/cache/0"}

* Closing connection 0

* TLSv1.2 (OUT), TLS alert, close notify (256):


Squid access logs


[25/May/2023:15:08:57]      31 10.80.96.6:51028 - NONE_NONE/000 0 CONNECT
10.80.96.68:443 tester HIER_NONE/- - - tester 746573746572 dagobah [-] -
[-] - [-] - 0 0 - - [origin]

[25/May/2023:15:08:57]     40 10.80.96.6:51028 - *TCP_TUNNEL/500* 800
CONNECT origin:443 tester HIER_DIRECT/origin 10.80.96.68 - tester
746573746572 dagobah [-] - [-] - [-] - 1969 2769 4 33 [origin]


Can someone please help in this.


Regards

Sachin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230525/7d8f166a/attachment-0001.htm>

More information about the squid-users mailing list