[squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method

David Touzeau david at articatech.com
Mon Jan 22 22:38:48 UTC 2018


Hi

 

I'm using Squid Cache: Version 4.0.22 in transparent method

 

After several times the SSL port going into <  freeze  mode > and write in
logs

 

1516660011.849 000000 192.168.1.214 NONE/000 0 NONE
error:transaction-end-before-headers -

 

Doing a squid -k reconfigure release all freeze requests and proxy run in
normal behavior and return back to freeze mode after 1 or 2 hours

 

How to fix this issue ?

 

Using the defined configuration :

 

http_port 192.168.1.1:50634  intercept disable-pmtu-discovery=transparent
name=MyPortNameID27  

https_port 192.168.1.1:50635  intercept disable-pmtu-discovery=transparent
name=MyPortNameID28 ssl-bump  generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bf

c65772f68b84393604cd6ea.dyn tls-dh=/etc/squid3/ssl/dhparam.pem

sslcrtd_program /lib/squid3/security_file_certgen -s
/var/lib/squid/session/ssl/ssl_db -M 8MB

sslcrtd_children 16 startup=5 idle=1

acl FakeCert ssl::server_name .apple.com

acl FakeCert ssl::server_name .icloud.com

acl FakeCert ssl::server_name .mzstatic.com

acl FakeCert ssl::server_name .dropbox.com

acl ssl_step1 at_step SslBump1

acl ssl_step2 at_step SslBump2

acl ssl_step3 at_step SslBump3

ssl_bump peek ssl_step1

ssl_bump splice GlobalWhitelistDSTNet

ssl_bump splice GlobalWhitelistDomainsRx

ssl_bump splice GlobalWhitelistDomains

ssl_bump splice FakeCert

ssl_bump splice all

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180122/29011a70/attachment.html>


More information about the squid-users mailing list