[squid-users] SSL TAG_NONE/503 errors
Yuri
yvoinov at gmail.com
Wed Dec 6 19:39:14 UTC 2017
Not necessarily certificates. Exactly the same code gives the SSL pinning.
07.12.2017 1:21, Alex Rousskov пишет:
> On 12/06/2017 12:06 PM, Hugo Saavedra wrote:
>> 2017/12/06 16:02:37 kid1| Error negotiating SSL connection on FD 61:
>> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>> (1/0)
> You may be able to fix this problem by updating your collection of
> public CA certificates. Squid uses CA certificates to validate
> certificates presented by origin servers. You may be able to confirm
> that your collection is stale and know more (e.g., which CA certificate
> is unknown) if you can map the above error to an access.log entry that
> would give you the origin server name to interrogate.
>
> Similar reasoning applies to other SSL-related cache.log errors as well,
> but troubleshooting them may require more efforts (e.g., starting with a
> higher debugging levels and/or packet captures).
>
> Alex.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
"Some people, when confronted with a problem, think «I know, I'll use regular expressions.» Now they have two problems."
--Jamie Zawinsk
**************************
* C++: Bug to the future *
**************************
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 512 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171207/756ae251/attachment.sig>
More information about the squid-users
mailing list