[squid-users] Squid Cache Issues migration from 5.8 to 6.6
Alex Rousskov
rousskov at measurement-factory.com
Mon Jul 8 15:47:05 UTC 2024
On 2024-07-05 20:55, Jonathan Lee wrote:
> FIXED
>
> I think it wanted a new certificate generated mine became to weak I
> needed one that ECDSA with prime256v sha256 and not RSA anymore that
> solved my errors
Glad you found a solution! And if these errors resurface, you now have a
blueprint for their initial triage.
Alex.
> The error is gone when this cert is used :)
>
>> On Jul 5, 2024, at 14:33, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>
>> However even with it marked as no
>>
>> 05.07.2024 14:30:46 ERROR: failure while accepting a TLS connection on
>> conn4633 local=192.168.1.1:3128 remote=192.168.1.5:49721 FD 30
>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>
>>
>>
>> continues
>>
>> I am going to take a break please if anyone know how to resolve this
>> or wants me to try something else let me know. I was originally
>> looking for the certificate when this error occurs however the error
>> comes from the TLS_v1.3 as seen in the pcap files below.
>>
>>
>> Thanks again everyone
>>
>>> On Jul 4, 2024, at 16:02, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>>
>>>>>> I do not recommend changing your configuration at this time. I
>>>>>> recommend rereading my earlier recommendation and following that
>>>>>> instead: "As the next step in triage, I recommend determining what
>>>>>> that CA is in these cases (e.g., by capturing raw TLS packets and
>>>>>> matching them with connection information from A000417 error
>>>>>> messages in cache.log or %err_detail in access.log)."
>>>
>>> Ok I went back to 5.8 and ran the following command after I removed
>>> the changes I used does this help this is ran on the firewall side
>>> itself.
>>>
>>> openssl s_client -connect foxnews.com:443 <http://foxnews.com:443/>
>>>
>>> depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
>>> verify return:1
>>> depth=1 C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
>>> verify return:1
>>> depth=0 C = US, ST = New York, L = New York, O = "Fox News Network, LLC", CN = wildcard.foxnews.com
>>> verify return:1
>>> CONNECTED(00000004)
>>> ---
>>> Certificate chain
>>> 0 s:C = US, ST = New York, L = New York, O = "Fox News Network, LLC", CN = wildcard.foxnews.com
>>> i:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
>>> 1 s:C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
>>> i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
>>>
>>> -----END CERTIFICATE-----
>>> subject=C = US, ST = New York, L = New York, O = "Fox News Network, LLC", CN = wildcard.foxnews.com
>>>
>>> issuer=C = US, O = DigiCert Inc, CN = DigiCert TLS RSA SHA256 2020 CA1
>>>
>>> ---
>>> No client certificate CA names sent
>>> Peer signing digest: SHA256
>>> Peer signature type: ECDSA
>>> Server Temp Key: X25519, 253 bits
>>> ---
>>> SSL handshake has read 4198 bytes and written 393 bytes
>>> Verification: OK
>>> ---
>>> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
>>> Server public key is 256 bit
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> Early data was not sent
>>> Verify return code: 0 (ok)
>>> ---
>>> DONE
>>>
>>> Does that help I am not going to pretend I understand TLS options I
>>> do understand how the SSL ciphers work and certificates but all the
>>> different options and kinds are what is confusing me. I did not seem
>>> to have this error before.
>>>
>>>
>>> Should I regenerate a new certificate for the new version of Squid
>>> and redeploy them all to hosts again? I used this method in the past
>>> and it worked for a long time after I imported it. I am wondering if
>>> this is outdated now
>>>
>>> *openssl req -x509 -new -nodes -key myProxykey.key -sha256 -days 365
>>> -out myProxyca.pem*
>>>
>>>
>>>> On Jul 4, 2024, at 15:13, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>>>
>>>> Sorry
>>>>
>>>> tls_outgoing_options cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>>>> tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
>>>>
>>>> Would I add this here?
>>>>
>>>>> On Jul 4, 2024, at 15:12, Jonathan Lee <jonathanlee571 at gmail.com>
>>>>> wrote:
>>>>>
>>>>> I know before I could use
>>>>>
>>>>> tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>>>>>
>>>>> However with the update I am seeing
>>>>>
>>>>> ERROR: Unsupported TLS option SINGLE_ECDH_USE
>>>>>
>>>>> I found researching in lists-squid-cache.org
>>>>> <http://lists-squid-cache.org/> that someone solved this with
>>>>> appending TLS13-AES-256-CGM-SHA384 to the ciphers.
>>>>>
>>>>> I am thinking this is my issue also.
>>>>>
>>>>> I see that error over and over when I run "squid -k parse”
>>>>>
>>>>> Do I append this to the options cipher list?
>>>>>
>>>>> Jonathan Lee
>>>>>
>>>>>> On Jul 4, 2024, at 14:45, Alex Rousskov
>>>>>> <rousskov at measurement-factory.com> wrote:
>>>>>>
>>>>>> On 2024-07-04 15:37, Jonathan Lee wrote:
>>>>>>
>>>>>>> in Squid.conf I have nothing with that detective.
>>>>>>
>>>>>> Sounds good; sslproxy_cert_sign default should work OK in most
>>>>>> cases. I mentioned signUntrusted algorithm so that you can
>>>>>> discover (from the corresponding sslproxy_cert_sign documentation)
>>>>>> which CA/certificate Squid uses in which SslBump use case. Triage
>>>>>> is often easier if folks share the same working theory, and my
>>>>>> current working theory suggests that we are looking at a (default)
>>>>>> signUntrusted use case.
>>>>>>
>>>>>> The solution here probably does _not_ involve changing
>>>>>> sslproxy_cert_sign configuration, but, to make progress, I need
>>>>>> more info to confirm this working theory and describe next steps.
>>>>>>
>>>>>>
>>>>>>> Yes I am using SSL bump with this configuration..
>>>>>>
>>>>>> Noted, thank you.
>>>>>>
>>>>>>
>>>>>>> So would I use this directive
>>>>>>
>>>>>> I do not recommend changing your configuration at this time. I
>>>>>> recommend rereading my earlier recommendation and following that
>>>>>> instead: "As the next step in triage, I recommend determining what
>>>>>> that CA is in these cases (e.g., by capturing raw TLS packets and
>>>>>> matching them with connection information from A000417 error
>>>>>> messages in cache.log or %err_detail in access.log)."
>>>>>>
>>>>>>
>>>>>> HTH,
>>>>>>
>>>>>> Alex.
>>>>>>
>>>>>>
>>>>>>>> On Jul 4, 2024, at 09:56, Alex Rousskov wrote:
>>>>>>>>
>>>>>>>> On 2024-07-04 12:11, Jonathan Lee wrote:
>>>>>>>>> failure while accepting a TLS connection on conn5887
>>>>>>>>> local=192.168.1.1:3128
>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417
>>>>>>>>
>>>>>>>> A000417 is an "unknown CA" alert sent by client to Squid while
>>>>>>>> the client is trying to establish a TLS connection to/through
>>>>>>>> Squid. The client does not trust the Certificate Authority that
>>>>>>>> signed the certificate that was used for that TLS connection.
>>>>>>>>
>>>>>>>> As the next step in triage, I recommend determining what that CA
>>>>>>>> is in these cases (e.g., by capturing raw TLS packets and
>>>>>>>> matching them with connection information from A000417 error
>>>>>>>> messages in cache.log or %err_detail in access.log).
>>>>>>>>
>>>>>>>> If you use SslBump for port 3128 traffic, then one of the
>>>>>>>> possibilities here is that Squid is using an unknown-to-client
>>>>>>>> CA to report an origin server that Squid itself does not trust
>>>>>>>> (see signUntrusted in squid.conf.documented). In those cases,
>>>>>>>> logging a level-1 ERROR is a Squid bug because that
>>>>>>>> expected/desirable outcome should be treated as success (and a
>>>>>>>> successful TLS accept treated as an error!).
>>>>>>>>
>>>>>>>>
>>>>>>>> HTH,
>>>>>>>>
>>>>>>>> Alex.
>>>>>>
>>>>>>
>>>>>>>>> Is my main concern however I use the squid guard URL blocker
>>>>>>>>> Sent from my iPhone
>>>>>>>>>> On Jul 4, 2024, at 07:41, Alex Rousskov
>>>>>>>>>> <rousskov at measurement-factory.com> wrote:
>>>>>>>>>>
>>>>>>>>>> On 2024-07-03 13:56, Jonathan Lee wrote:
>>>>>>>>>>> Hello fellow Squid users does anyone know how to fix this issue?
>>>>>>>>>>
>>>>>>>>>> I counted about eight different "issues" in your cache.log
>>>>>>>>>> sample. Most of them are probably independent. I recommend
>>>>>>>>>> that you explicitly pick _one_, search mailing list archives
>>>>>>>>>> for previous discussions about it, and then provide as many
>>>>>>>>>> details about it as you can (e.g., what traffic causes it
>>>>>>>>>> and/or matching access.log records).
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> HTH,
>>>>>>>>>>
>>>>>>>>>> Alex.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> Squid - Cache Logs
>>>>>>>>>>> Date-Time Message
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:54:34 kick abandoning
>>>>>>>>>>> conn7853 local=192.168.1.1:3128 remote=192.168.1.5:49710 FD
>>>>>>>>>>> 89 flags=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:54:29 kick abandoning
>>>>>>>>>>> conn7844 local=192.168.1.1:3128 remote=192.168.1.5:49702 FD
>>>>>>>>>>> 81 flags=1
>>>>>>>>>>> 03.07.2024 10:54:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7648 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49672 FD 44 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:54:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7647 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49670 FD 43 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:54:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7646 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49668 FD 34 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:53:04 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7367 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49627 FD 22 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:52:47 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7345 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49618 FD 31 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:52:38 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7340 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49616 FD 45 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:52:34 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7316 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49609 FD 45 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:51:55 WARNING: Error Pages Missing Language:
>>>>>>>>>>> en-us
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:51:55 ERROR: loading file
>>>>>>>>>>> �9;/usr/local/etc/squid/errors/en-us/ERR_ZERO_SIZE_OBJECT':
>>>>>>>>>>> (2) No such file or directory
>>>>>>>>>>> 03.07.2024 10:51:44 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7102 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49574 FD 34 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:51:28 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn7071 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49568 FD 92 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:50:29 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6944 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49534 FD 101 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:49:54 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6866 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49519 FD 31 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:49:38 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6809 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49503 FD 31 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:49:32 ERROR: system call failure while
>>>>>>>>>>> accepting a TLS connection on conn6794 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49496 FD 19 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_IO_ERR=5+errno=54
>>>>>>>>>>> 03.07.2024 10:49:24 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6776 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49481 FD 137 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:49 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6440 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49424 FD 16 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:49 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6445 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49426 FD 34 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:22 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn6035 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49355 FD 226 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5887 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49318 FD 33 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5875 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49312 FD 216 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:48:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5876 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49314 FD 217 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:47:57 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5815 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49297 FD 201 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:47:54 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5760 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49289 FD 195 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:47:52 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5717 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49284 FD 195 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:47:50 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn5552 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:49268 FD 142 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:47:34 kick abandoning
>>>>>>>>>>> conn5254 local=192.168.1.1:3128 remote=192.168.1.5:49209 FD
>>>>>>>>>>> 100 flags=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:47:21 kick abandoning
>>>>>>>>>>> conn5022 local=192.168.1.1:3128 remote=192.168.1.5:49167 FD
>>>>>>>>>>> 37 flags=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:47:21 kick abandoning
>>>>>>>>>>> conn5020 local=192.168.1.1:3128 remote=192.168.1.5:49165 FD
>>>>>>>>>>> 36 flags=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:42:22 WARNING: Forwarding loop detected for:
>>>>>>>>>>> 03.07.2024 10:40:08 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn4955 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:52339 FD 98 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 03.07.2024 10:39:52 kick abandoning
>>>>>>>>>>> conn4927 local=192.168.1.1:3128 remote=192.168.1.5:52331 FD
>>>>>>>>>>> 105 flags=1
>>>>>>>>>>> 03.07.2024 10:39:09 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn4846 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:52314 FD 19 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:38:14 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn4650 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:52274 FD 35 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:38:08 ERROR: failure while accepting a TLS
>>>>>>>>>>> connection on conn4645 local=192.168.1.1:3128
>>>>>>>>>>> remote=192.168.1.5:52272 FD 35 flags=1:
>>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>>>>> 03.07.2024 10:38:04 ERROR: Unsupported TLS option
>>>>>>>>>>> SINGLE_ECDH_USE
>>>>>>>>>>> 03.07.2024 10:38:04 ERROR: Unsupported TLS option
>>>>>>>>>>> SINGLE_DH_USE
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> 31.12.1969 16:00:00
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> squid-users mailing list
>>>>>>>>>>> squid-users at lists.squid-cache.org
>>>>>>>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
More information about the squid-users
mailing list