[squid-users] SSL TAG_NONE/503 errors
Hugo Saavedra
hugo.saavedra.oteiza at gmail.com
Wed Dec 6 19:56:37 UTC 2017
solution finded: we commented the sslproxy_cipher line and it works!
is there any security issues if we left the default options for this variable?
thanks
Hugo
2017-12-06 16:21 GMT-03:00 Alex Rousskov <rousskov at measurement-factory.com>:
> On 12/06/2017 12:06 PM, Hugo Saavedra wrote:
>> 2017/12/06 16:02:37 kid1| Error negotiating SSL connection on FD 61:
>> error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
>> (1/0)
>
> You may be able to fix this problem by updating your collection of
> public CA certificates. Squid uses CA certificates to validate
> certificates presented by origin servers. You may be able to confirm
> that your collection is stale and know more (e.g., which CA certificate
> is unknown) if you can map the above error to an access.log entry that
> would give you the origin server name to interrogate.
>
> Similar reasoning applies to other SSL-related cache.log errors as well,
> but troubleshooting them may require more efforts (e.g., starting with a
> higher debugging levels and/or packet captures).
>
> Alex.
--
Saludos,
Hugo Saavedra
More information about the squid-users
mailing list