[squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9

ngtech1ltd at gmail.com ngtech1ltd at gmail.com
Mon Jun 12 08:21:37 UTC 2023


Hey Sachin,

What's the issue?
That the logs don't reflect the reality?

Thanks,
Eliezer


From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of sachin gupta
Sent: Thursday, May 25, 2023 18:21
To: squid-users at lists.squid-cache.org
Subject: [squid-users] TCP_TUNNEL/500 in squid logs in squid 5.9

Hi All

We are migrating for squid 4.15 to squid 5.9. We are running our existing test suite to check if we pass our sanity testing.

For requests in transparent mode, though request passes and client get 200, in squid logs we are getting TCP_TUNNEL/500. We were not getting this issue with squid 4.15.

Client logs

curl -v https://origin/cache/0
*   Trying 10.80.96.68:443...
* TCP_NODELAY set
* Connected to origin (10.80.96.68) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=US; ST=CA; L=SF; O=SFDC; OU=0:ns.tester;1:mvp;2:mist51;3:na44;4:dev1; CN=origin
*  start date: Jul 26 06:59:41 2022 GMT
*  expire date: Jul 26 06:59:41 2023 GMT
*  subjectAltName: host "origin" matched cert's "origin"
*  issuer: C=US; ST=CA; L=SF; O=SFDC; OU=Edge; CN=ca
*  SSL certificate verify ok.
> GET /cache/0 HTTP/1.1
> Host: origin
> User-Agent: curl/7.67.0
> Accept: */*
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: origin
< Date: Thu, 25 May 2023 15:08:57 GMT
< Connection: close
< Content-Type: application/json
< Content-Length: 162
< Cache-Control: public, max-age=0
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Credentials: true
< 
{"args":{},"headers":{"Accept":"*/*","Host":"origin","User-Agent":"curl/7.67.0","X-Origin-Server":"origin"},"origin":"10.80.96.3","url":"https://origin/cache/0"}
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, close notify (256):

Squid access logs

[25/May/2023:15:08:57]      31 http://10.80.96.6:51028 - NONE_NONE/000 0 CONNECT http://10.80.96.68:443 tester HIER_NONE/- - - tester 746573746572 dagobah [-] - [-] - [-] - 0 0 - - [origin]
[25/May/2023:15:08:57]     40 http://10.80.96.6:51028 - TCP_TUNNEL/500 800 CONNECT origin:443 tester HIER_DIRECT/origin 10.80.96.68 - tester 746573746572 dagobah [-] - [-] - [-] - 1969 2769 4 33 [origin]

Can someone please help in this.

Regards
Sachin



More information about the squid-users mailing list