[squid-users] Squid 4.4 + SSL bump: Squid is crashing completely opening https://www.drcleaner.com/de/dr-cleaner/

info at schroeffu.ch info at schroeffu.ch
Wed Dec 5 09:26:27 UTC 2018 

> Hi,
> 
> Works “well” on my squid v 4.4 (patched) “ debian 9.
> 
> Although the site does not load well, squid does not die:
> 
> (…)
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/js/jquery-2.0.0.min.js -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/403 684 GET
> https://s3-us-west-2.amazonaws.com/trustedsite-public/host/drcleaner.com/client.js -
> ORIGINAL_DST/52.218.200.72 application/xml
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/css/index.css -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/css/bootstrap.min.css -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/js/jquery-2.0.0.min.js -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/js/jquery.screw.js -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/js/bg_pro.js -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/extend/home/js/mobile.js -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET
> https://cache.drcleaner.com/wp-content/plugins/contact-form-7/includes/js/scripts.js? -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> TCP_MISS/502 1609 GET https://cache.drcleaner.com/wp-includes/js/comment-reply.min.js? -
> ORIGINAL_DST/99.84.27.102 text/html
> 
> And over..
> 
> Please, see https://bugs.squid-cache.org/show_bug.cgi?id=4896
> 
> If your case is similar, there is a patch as a workaround.
> 
> HTH
> 

Your Squid 4.4 is patched with https://bugs.squid-cache.org/show_bug.cgi?id=4896 > SQUID-385-Comm_MonitorsRead-assertion-t3.patch ?
It seems exactly the issue I experienced.

I did recompile a testenvironment Squid with that patch, now the mentioned site is not killing my Squid anymore with SSL bump enabled. I am going to rollout the patched version this evening for our 20+ testusers on a pre-prod proxy. If there is any further issue, I'll comment the bugreport directly.

thanks 
Schroeffu

More information about the squid-users mailing list