On Fri, 2015-07-24 at 12:09 +0000, Sebastian Kirschner wrote:
> Hi,
>
> I minimized the configuration a little bit (you can see it at the bottom of
> this message).
>
> Also I still try to understand why this error happens, I increased the Debug
> level and saw that squid tried 48 times to peek but failed.
> At the end it says that it got a "Hello", does it mean that squid received
> the "Hello" after 48 tries?
>
> If yes, why does it need so many tries?
>
> -> Part of debug log <-
> 2015/07/24 11:05:42.866 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 11
> 2015/07/24 11:05:42.866 kid1| bio.cc(120) read: FD 11 read 11 <= 11
> 2015/07/24 11:05:42.866 kid1| bio.cc(146) readAndBuffer: read 11 out of 11 bytes
> 2015/07/24 11:05:42.866 kid1| bio.cc(150) readAndBuffer: recorded 11 bytes of TLS client Hello
> 2015/07/24 11:05:42.866 kid1| ModEpoll.cc(116) SetSelect: FD 11, type=1, handler=1, client_data=0x7effbd078458, timeout=0
> 2015/07/24 11:05:42.866 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
> .
> .
> .
> 2015/07/24 11:05:42.874 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 11
> 2015/07/24 11:05:42.874 kid1| bio.cc(120) read: FD 11 read 6 <= 11
> 2015/07/24 11:05:42.874 kid1| bio.cc(146) readAndBuffer: read 6 out of 11 bytes
> 2015/07/24 11:05:42.874 kid1| bio.cc(150) readAndBuffer: recorded 6 bytes of TLS client Hello
> 2015/07/24 11:05:42.875 kid1| SBuf.cc(152) assign: SBuf2040 from c-string, n=0)
> 2015/07/24 11:05:42.875 kid1| SBuf.cc(152) assign: SBuf2038 from c-string, n=13)
> 2015/07/24 11:05:42.875 kid1| ModEpoll.cc(116) SetSelect: FD 11, type=1, handler=1, client_data=0x7effbd078458, timeout=0
> 2015/07/24 11:05:42.875 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
> 2015/07/24 11:05:42.875 kid1| SBuf.cc(152) assign: SBuf2025 from c-string, n=4294967295)
> 2015/07/24 11:05:42.875 kid1| client_side.cc(4259) clientPeekAndSpliceSSL: I got hello. Start forwarding the request!!!
>
> -> new configuration <-
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
> # Listening Ports
> http_port 127.0.0.1:3120
> http_port 192.168.1.104:3128 intercept
> https_port 192.168.1.104:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/etc/squid3/ssl_cert/myCA.pem
>
> # some configuration options
> cache_effective_user proxy
> cache_effective_group proxy
> access_log /var/squid/logs/access.log
> cache_log /var/squid/logs/cache.log
> pinger_enable on
> pinger_program /lib/squid3/pinger
> sslproxy_capath /etc/ssl/certs
> sslcrtd_program /lib/squid3/ssl_crtd -s /var/squid/certs -M 4MB -b 2048
>
> #ACLs
> acl step1 at_step SslBump1
> acl step2 at_step SslBump2
> acl step3 at_step SslBump3
> acl bypass ssl::server_name www.google.de
>
> ssl_bump peek step1
> ssl_bump splice bypass step2
> ssl_bump bump all
>
> # Debugging if needed
> debug_options all,6 6,0 16,0 18,0 19,0 20,0 32,0 47,0 79,0 90,0 92,0
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/spool/squid3
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
> Best Regards
>
> Sebastian
> _______________________________________________
> squid-users mailing list
> squid-users@lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

Is that all sites or just a few special sites?

James
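
Added example, not part of the original messages: a small Python script that tallies, per client FD, the peek attempts, the SSL_accept failures and the ClientHello bytes recorded in a cache.log like the excerpt quoted above. The sample lines are constructed in the format of that excerpt, and attributing lines that carry no FD to the most recent "Start peek and splice" line is an assumption that holds only when connections are not interleaved in the log.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format of the excerpt above (not real log data).
SAMPLE_LOG = """\
2015/07/24 11:05:42.866 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 11
2015/07/24 11:05:42.866 kid1| bio.cc(150) readAndBuffer: recorded 11 bytes of TLS client Hello
2015/07/24 11:05:42.866 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
2015/07/24 11:05:42.870 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 11
2015/07/24 11:05:42.870 kid1| bio.cc(150) readAndBuffer: recorded 11 bytes of TLS client Hello
2015/07/24 11:05:42.870 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
2015/07/24 11:05:42.874 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 11
2015/07/24 11:05:42.874 kid1| bio.cc(150) readAndBuffer: recorded 6 bytes of TLS client Hello
2015/07/24 11:05:42.875 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
2015/07/24 11:05:42.875 kid1| client_side.cc(4259) clientPeekAndSpliceSSL: I got hello. Start forwarding the request!!!
2015/07/24 11:05:43.100 kid1| client_side.cc(4242) clientPeekAndSpliceSSL: Start peek and splice on FD 12
2015/07/24 11:05:43.100 kid1| bio.cc(150) readAndBuffer: recorded 11 bytes of TLS client Hello
2015/07/24 11:05:43.100 kid1| client_side.cc(4245) clientPeekAndSpliceSSL: SSL_accept failed.
"""

START = re.compile(r"clientPeekAndSpliceSSL: Start peek and splice on FD (\d+)")
RECORDED = re.compile(r"readAndBuffer: recorded (\d+) bytes of TLS client Hello")

def summarize_peeks(log_text):
    """Return {fd: {attempts, failed, hello_bytes, got_hello}} for a cache.log text."""
    stats = defaultdict(lambda: {"attempts": 0, "failed": 0, "hello_bytes": 0, "got_hello": False})
    fd = None  # assumption: lines without an FD belong to the latest "Start peek" line
    for line in log_text.splitlines():
        start = START.search(line)
        recorded = RECORDED.search(line)
        if start:
            fd = int(start.group(1))
            stats[fd]["attempts"] += 1
        elif fd is None:
            continue  # nothing to attribute this line to yet
        elif recorded:
            stats[fd]["hello_bytes"] += int(recorded.group(1))
        elif "clientPeekAndSpliceSSL: SSL_accept failed" in line:
            stats[fd]["failed"] += 1
        elif "clientPeekAndSpliceSSL: I got hello" in line:
            stats[fd]["got_hello"] = True
    return dict(stats)

if __name__ == "__main__":
    for fd, s in sorted(summarize_peeks(SAMPLE_LOG).items()):
        print(f"FD {fd}: {s}")
```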