Increasing debug output tells me that SSL negotiation fails and then
succeeds, but I have no idea what causes these failures. Is it just
related to the ssl handshake and not to worry about? If so, why is that
reported to the logs? Setting min and max TLS version on the client
does not change the log outpu. TLS version used is 1.3 if allowed on
OpenSSL refused to accept a TLS client connection with a generic
A non-recoverable, fatal error in the SSL library occurred, usually
a protocol error. The OpenSSL error queue contains more information
on the error.
AFAICT, Squid does not have the code to examine OpenSSL error queue
beyond the surface level (shown in your cache.log), but that does not
mean there is actually more information in that queue in your particular
case. Said that, quality pull requests (or sponsorship for) adding deep
error queue inspection support are welcomed.
I trust there are no other potentially relevant ERRORs and WARNINGs in
It sounds like you can trivially reproduce the problem. If so, a capable
developer with access to your box should be able to triage it further.
> Is it just related to the ssl handshake and not to worry about?
It is most likely related to the SSL handshake. FWIW, I would worry
about it because it should not be happening under normal conditions.