[squid-users] Error negotiating SSL connection on FD 366 - cache.log
robert k Wild
robertkwild at gmail.com
Wed Jun 30 16:36:21 UTC 2021
thanks Alex
seems like one client (it shows the ip) is trying to get to this site but i
havnt added it to my white list, so thats why its getting blocked
events.gfe.nvidia.com
thanks a bunch alex, your awesome
On Wed, 30 Jun 2021 at 17:09, Alex Rousskov <
rousskov at measurement-factory.com> wrote:
> On 6/30/21 11:48 AM, robert k Wild wrote:
>
> > How do I enable all 9 debugging to find out what client ip it is thats
> > sending all these tls errors.
>
> 0. Start Squid if necessary.
>
> 1. Locate your Squid log file or equivalent. In this example, we will
> call it cache.log.
>
> 2. Run "tail -f cache.log > partial-cache.log" in background or another
> terminal. This will start appending new debugging to the
> partial-cache.log file.
>
> 3. Run "squid -k debug" to enable ALL,9 debugging.
>
> 4. Wait a few seconds.
>
> 5. Run "squid -k debug" to disable ALL,9 debugging.
>
> 6. Kill the "tail" command in step 2.
>
> 7. Check that partial-cache.log contains at least one "Error negotiating
> SSL connection" entry. If not, go to step 2 and repeat. Perhaps give
> Squid a few extra seconds this time.
>
> 8. Analyze the resulting partial-cache.log (or share it with those who
> are willing to analyze it for you, compressing it if needed). Please
> note that this debugging log may contain sensitive information such as
> user names and passwords.
>
>
> HTH,
>
> Alex.
>
>
> > On Wed, 30 Jun 2021, 16:16 Alex Rousskov wrote:
> >
> > On 6/30/21 6:41 AM, robert k Wild wrote:
> >
> > > never really noticed this as i rarely "tail -f" the cache log but
> im
> > > noticing these lines like every second
> >
> > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD
> 266:
> > > error:00000001:lib(0):func(0):reason(1) (1/-1)
> > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD
> 270:
> > > error:00000001:lib(0):func(0):reason(1) (1/-1)
> > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD
> 285:
> > > error:00000001:lib(0):func(0):reason(1) (1/0)
> >
> > > is this something to be worried about
> >
> > IMHO, you should worry about two things, at least:
> >
> > 1) The fact that you did not know about Squid complaints, especially
> > frequent ones. I do not think that constantly watching "tail -f" is
> the
> > answer here, but something in your Squid administration approach
> should
> > change to prevent similar lack of problem awareness in the future.
> >
> > 2) The fact that your Squid is complaining about something every
> second.
> > If the actual problem behind these errors does not deserve your
> > attention, then Squid should not be logging it at level 1 (and you
> > should complain that it does). Otherwise, the problem itself should
> be
> > addressed.
> >
> > As for the error itself, it looks like your Squid cannot negotiate
> TLS
> > with some client(s). I do not know whether it is Squid's fault or the
> > client's. Enabling "ALL,9" debugging for a few seconds should be
> > sufficient to identify the client (at least by its IP address), which
> > may be enough to understand why the negotiation fails (or to give you
> > enough information to collect more details for triage).
> >
> >
> > HTH,
> >
> > Alex.
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > <mailto:squid-users at lists.squid-cache.org>
> > http://lists.squid-cache.org/listinfo/squid-users
> > <http://lists.squid-cache.org/listinfo/squid-users>
> >
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
--
Regards,
Robert K Wild.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210630/2732f591/attachment.htm>
More information about the squid-users
mailing list