reverse proxy Squid 4

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

reverse proxy Squid 4

Vieri
This is what the squid cache log reports:

2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 negotiated cipher
2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on FD 15: error:00000000:lib(0):func(0):reason(0) (5/-1/0)
2020/06/25 00:29:05.467 kid1| 83,5| BlindPeerConnector.cc(68) noteNegotiationDone: error=0x55cf5c9bb5b8
2020/06/25 00:29:05.467 kid1| TCP connection to 10.215.144.16/443 failed

Same old issue where openssl does not say why the handshake failed.

I'm having the same problem with an Apache reverse proxy, so now I'm falling back to use http on my backend.

Thanks
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: reverse proxy Squid 4

Alex Rousskov
On 6/24/20 8:16 PM, Vieri wrote:
> This is what the squid cache log reports:
>
> 2020/06/25 00:29:05.467 kid1| 83,5| NegotiationHistory.cc(81) retrieveNegotiatedInfo: SSL connection info on FD 15 SSL version NONE/0.0 negotiated cipher
> 2020/06/25 00:29:05.467 kid1| ERROR: negotiating TLS on FD 15: error:00000000:lib(0):func(0):reason(0) (5/-1/0)
> 2020/06/25 00:29:05.467 kid1| 83,5| BlindPeerConnector.cc(68) noteNegotiationDone: error=0x55cf5c9bb5b8
> 2020/06/25 00:29:05.467 kid1| TCP connection to 10.215.144.16/443 failed
>
> Same old issue where openssl does not say why the handshake failed.

Actually, OpenSSL does say why the handshake failed in this case:
AFAICT, OpenSSL reports that a system call has failed ("5" in "5/-1/0"
is SSL_ERROR_SYSCALL). Squid loses the details of that failure (e.g.,
what kind of system call error Squid has experienced), but we are almost
done improving that.

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users