[squid-users] 3.5.4 Can't access Google or Yahoo SSL pages
Chris Palmer
chris9 at cpalmer.me.uk
Mon May 4 08:53:11 UTC 2015
There has been a change in behaviour in 3.5.4. It now really does prefer
to contact a site using an ipv6 address rather than a v4. The network
stack here doesn't permit v6 so the traffic to sites such as google was
failing. Setting the following restored the previous behaviour:
dns_v4_first on
Thanks to Dan Charlesworth for pointing me in the correct direction.
Chris
On 03/05/15 18:01, Chris Palmer wrote:
> Two other reports of the same problem (accessing some SSL sites) after
> upgrading to Squid 3.5.4...
>
> https://bugs.archlinux.org/task/44811
>
> I'm at a bit of a loss to know where to start looking.
> Just in case, I tried disabling ICAP (was using it for clamav) but no
> difference.
>
> Chris
>
>> Send squid-users mailing list submissions to
>> Date: Sat, 2 May 2015 12:07:13 +0100
>> From: "Chris Palmer" <chris9 at cpalmer.me.uk>
>> To: squid-users at lists.squid-cache.org
>> Subject: [squid-users] 3.5.4 Can't access Google or Yahoo SSL pages
>> Message-ID: <4d032c7eb0e7e4d04a3583b16bca73ff.squirrel at cpalmer.me.uk>
>> Content-Type: text/plain;charset=iso-8859-1
>>
>> I just built 3.5.4 and deployed (on FC21). Most pages work, but SSL to
>> e.g. Google and Yahoo fail. It is easily provoked by simply using the
>> search bar in firefox or IE.
>>
>> Cache.log contains entries such as
>>
>> 2015/05/02 11:51:34 kid1| local=[::] remote=[2a00:1450:400c:c05::93]:443
>> FD 13 flags=1: read/write failure: (107) Transport endpoint is not
>> connected
>>
>> Most SSL sites are ok, and all non-SSL sites I have tried. I am not
>> using
>> SSL-Bump.
>>
>> It was built using eactly the same options as 3.5.3. Anyone else
>> experiencing this? Otherwise I will have to dig deeper...
>>
>> Many thanks
>> Chris
>>
>
More information about the squid-users
mailing list