[squid-users] SSL issue on Squid version 4 after blacklisting

Eliezer Croitor ngtech1ltd at gmail.com
Mon Oct 12 11:37:44 UTC 2020 

Hey Dixit,

 

Have you seen the next bug report:

https://bugs.squid-cache.org/show_bug.cgi?id=5067#c4

 

Alex/Amos: I assume that this specific issue deserve a DEBUG which will describe and relate to this BUG:5067 report.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

 

From: DIXIT Ankit <Ankit.Dixit at eurostar.com> 
Sent: Friday, September 25, 2020 4:22 PM
To: Eliezer Croitor <ngtech1ltd at gmail.com>; 'Squid Users' <squid-users at lists.squid-cache.org>
Subject: RE: SSL issue on Squid version 4 after blacklisting

 

Elizer/Team,

 

Any help would be appreciated.

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: DIXIT Ankit 
Sent: Tuesday, September 15, 2020 1:24 PM
To: Eliezer Croitor <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> >; 'Squid Users' <squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> >
Subject: SSL issue on Squid version 4 after blacklisting

 

Subject changed

 

Elizer/Team,

 

Connecting with you again after we upgraded to Squid version 4.

 

We have blacklisted the domain categories  on Squid Proxy, but we are getting below exception in cache.log and due to this internet is not flowing from client servers via squid. 

This blacklist category is having thousands of blacklisted domains.

 

kid1| Error negotiating SSL on FD 33: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)

kid1| Error negotiating SSL connection on FD 26: (104) Connection reset by peer

 

Is there any specific ssl certificate, we need to configure? Or any other issue, you see here?

 

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: DIXIT Ankit 
Sent: Monday, July 6, 2020 8:50 AM
To: Eliezer Croitor <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> >; 'Squid Users' <squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> >
Subject: RE: [squid-users] Squid memory consumption problem

 

Elizer,

 

SSL was failing for few applications but was working fine for other applications. So we reverted back to old version.

I am not sure what ssl certificate dependency was there. 

 

Would be great, if you can suggest memory leak solutions in 3.12 version.

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitor <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> > 
Sent: Sunday, July 5, 2020 5:58 PM
To: DIXIT Ankit <Ankit.Dixit at eurostar.com <mailto:Ankit.Dixit at eurostar.com> >; 'Squid Users' <squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> >
Cc: SETHI Konica <Konica.Sethi at eurostar.com <mailto:Konica.Sethi at eurostar.com> >
Subject: RE: [squid-users] Squid memory consumption problem

 




 

Hey,

 

What happen with this issue?

I am waiting for any input about this issue to understand with what I can try to help.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

 

From: DIXIT Ankit [mailto:Ankit.Dixit at eurostar.com] 
Sent: Tuesday, June 30, 2020 12:35 PM
To: Eliezer Croitoru; Squid Users
Cc: SETHI Konica
Subject: RE: [squid-users] Squid memory consumption problem

 

For your information, we have added below configurations but again same issue.

 

tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

 

tls_outgoing_options cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: DIXIT Ankit 
Sent: Tuesday, June 30, 2020 10:25 AM
To: Eliezer Croitoru <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> >; Squid Users <squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> >
Cc: SETHI Konica <Konica.Sethi at eurostar.com <mailto:Konica.Sethi at eurostar.com> >
Subject: RE: [squid-users] Squid memory consumption problem

 

Eliezer,

 

Clients are facing some SSL related issues after upgrade. I could see below error. Please suggest, its little urgent.

 

quid[6706]: Error negotiating SSL connection on FD 167: error:00000001:lib(0):func(0):reason(1) (1/0)
Jun 30 09:17:38 squid[6706]: Error parsing SSL Server Hello Message on FD 77
Jun 30 09:17:38 squid[6706]: Error negotiating SSL connection on FD 75: error:00000001:lib(0):func(0):reason(1) (1/0)

 

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

From: Eliezer Croitoru <ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> > 
Sent: Tuesday, June 30, 2020 9:10 AM
To: Squid Users <squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> >; DIXIT Ankit <Ankit.Dixit at eurostar.com <mailto:Ankit.Dixit at eurostar.com> >
Subject: RE: [squid-users] Squid memory consumption problem

 




 

The first thing to do is look at:

https://wiki.squid-cache.org/KnowledgeBase/HostHeaderForgery

 

It should clear couple doubts for you.

 

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> 

 

From: DIXIT Ankit <mailto:Ankit.Dixit at eurostar.com> 
Sent: Tuesday, June 30, 2020 10:46 AM
To: Eliezer Croitoru <mailto:ngtech1ltd at gmail.com> ; Alex Rousskov <mailto:rousskov at measurement-factory.com> ; squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org> 
Subject: RE: [squid-users] Squid memory consumption problem

 

Elizer,

 

We installed Squid 4.12 on production server, amazon Linux 2, successfully but I could see below messages in the logs for SECURITY ALERT: Host header forgery detected. These are getting generated very frequently.

Can we ignore this Or is it advised to suppress these alerts?

 

kid2| SECURITY ALERT: on URL: 5-25-3-app.agent.datadoghq.com:443 <http://5-25-3-app.agent.datadoghq.com:443> 

2020/06/30 07:41:29 kid1| SECURITY ALERT: Host header forgery detected on local=IP remote=IP FD 97 flags=33 (local IP does not match any domain IP)

 

Regards,

Ankit Dixit|IS Cloud Team

Eurostar International Ltd

Times House | Bravingtons Walk | London N1 9AW

Office: +44 (0)207 84 35550 (Extension– 35530)

 

 

  _____  

This email (including any attachments) is intended only for the addressee(s), is confidential and may be legally privileged. If you are not the intended recipient, do not use, disclose, copy, or forward this email. Please notify the sender immediately and then delete it. Eurostar International Limited and its affiliates ("EIL") do not accept any liability for action taken in reliance on this email. EIL makes no representation that this email is free of viruses and addressees should check this email for viruses. The comments or statements expressed in this email are not necessarily those of EIL. 

Eurostar International Ltd 
Times House, Bravingtons Walk, London N1 9AW Registered in England and Wales No. 2462001 

  _____  

 

 

  _____  

This email (including any attachments) is intended only for the addressee(s), is confidential and may be legally privileged. If you are not the intended recipient, do not use, disclose, copy, or forward this email. Please notify the sender immediately and then delete it. Eurostar International Limited and its affiliates ("EIL") do not accept any liability for action taken in reliance on this email. EIL makes no representation that this email is free of viruses and addressees should check this email for viruses. The comments or statements expressed in this email are not necessarily those of EIL. 

Eurostar International Ltd 
Times House, Bravingtons Walk, London N1 9AW Registered in England and Wales No. 2462001 

  _____  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201012/63b08bc8/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 19517 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20201012/63b08bc8/attachment-0001.jpg>

More information about the squid-users mailing list