[squid-users] v4.0.22 error:transaction-end-before-headers using transparent SSL method
David Touzeau
david at articatech.com
Tue Jan 23 16:00:05 UTC 2018
Notice, it appears on both http/https ports
Transparent Ports are freezing each 10 minutes.
I mention that in normal port there is no issue, the issue can be generated
only on transparent mode.
De : squid-users [mailto:squid-users-bounces at lists.squid-cache.org] De la
part de David Touzeau
Envoyé : lundi 22 janvier 2018 23:39
À : squid-users at lists.squid-cache.org
<mailto:squid-users at lists.squid-cache.org>
Objet : [squid-users] v4.0.22 error:transaction-end-before-headers using
transparent SSL method
Hi
Im using Squid Cache: Version 4.0.22 in transparent method
After several times the SSL port going into « freeze mode » and write in
logs
1516660011.849 000000 192.168.1.214 NONE/000 0 NONE
error:transaction-end-before-headers
Doing a squid -k reconfigure release all freeze requests and proxy run in
normal behavior and return back to freeze mode after 1 or 2 hours
How to fix this issue ?
Using the defined configuration :
http_port 192.168.1.1:50634 intercept disable-pmtu-discovery=transparent
name=MyPortNameID27
https_port 192.168.1.1:50635 intercept disable-pmtu-discovery=transparent
name=MyPortNameID28 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bf
c65772f68b84393604cd6ea.dyn tls-dh=/etc/squid3/ssl/dhparam.pem
sslcrtd_program /lib/squid3/security_file_certgen -s
/var/lib/squid/session/ssl/ssl_db -M 8MB
sslcrtd_children 16 startup=5 idle=1
acl FakeCert ssl::server_name .apple.com
acl FakeCert ssl::server_name .icloud.com
acl FakeCert ssl::server_name .mzstatic.com
acl FakeCert ssl::server_name .dropbox.com
acl ssl_step1 at_step SslBump1
acl ssl_step2 at_step SslBump2
acl ssl_step3 at_step SslBump3
ssl_bump peek ssl_step1
ssl_bump splice GlobalWhitelistDSTNet
ssl_bump splice GlobalWhitelistDomainsRx
ssl_bump splice GlobalWhitelistDomains
ssl_bump splice FakeCert
ssl_bump splice all
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180123/f70abfbb/attachment.html>
More information about the squid-users
mailing list