On 4/09/18 7:33 PM, Ahmad, Sarfaraz wrote:
> With debug_options ALL,9 and retrieving just this page, I found the following 
> relevant loglines (this is with an explicit CONNECT request):
> 

... skip TLS/1.2 clientHello arriving


> Later on after about 10 secs
> 
> 2018/09/04 12:45:58.124 kid1| 83,7| AsyncJob.cc(123) callStart: 
> Ssl::PeekingPeerConnector status in: [ FD 12 job194686]
> 2018/09/04 12:45:58.124 kid1| 45,9| cbdata.cc(419) cbdataReferenceValid: 
> 0xf67698
> 2018/09/04 12:45:58.124 kid1| 83,5| PeerConnector.cc(187) negotiate: 
> SSL_connect session=0x122c430...
> 2018/09/04 12:45:58.124 kid1| 24,8| MemBlob.cc(101) memAlloc: blob1555830 
> memAlloc: requested=82887, received=82887
> 2018/09/04 12:45:58.124 kid1| 24,7| SBuf.cc(865) reAlloc: SBuf6002798 new 
> store capacity: 82887
> 2018/09/04 12:45:58.124 kid1| 24,8| SBuf.cc(139) rawAppendStart: SBuf6002798 
> start appending up to 65535 bytes
> 2018/09/04 12:45:58.124 kid1| 83,5| bio.cc(140) read: FD 12 read 0 <= 65535
> 2018/09/04 12:45:58.124 kid1| 83,5| NegotiationHistory.cc(83) 
> retrieveNegotiatedInfo: SSL connection info on FD 12 SSL version NONE/0.0 
> negotiated cipher
> 2018/09/04 12:45:58.124 kid1| ERROR: negotiating TLS on FD 12: 
> error:00000000:lib(0):func(0):reason(0) (5/0/0)

... the server delivered 82KB of something which was not TLS/SSL syntax
according to OpenSSL.

...
> 2018/09/04 12:45:58.125 kid1| 83,5| PeerConnector.cc(559) callBack: TLS setup 
> ended for local=10.240.180.31:43674 remote=103.243.13.183:443 FD 12 flags=1


> 
> Again, as this is with an explicit CONNECT request, I do get 
> ERR_CANNOT_FORWARD, and that error page uses a certificate signed for 
> www.extremetech.com by my internal CA without anything in the SAN field. Guessing 
> ssl_crtd isn't crashing here, unlike the previous bug report.
> Anything from these loglines?

Lacking any server TLS info (e.g. inability to TLS handshake with server),
the behaviour and output from Squid to the client is expected to be as
described above.

Amos
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
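
An added example, not part of the original thread and not Squid project code: a Python sketch that groups the debug lines quoted above by FD, so each "ERROR: negotiating TLS" record is reported with the last bio read size, the negotiated version string and the remote endpoint. The sample log is constructed from the thread's lines, unwrapped to one record per line; the function name and the regular expressions are assumptions about that line layout.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's log lines, unwrapped to one record per line.
SAMPLE_LOG = """\
2018/09/04 12:45:58.124 kid1| 83,5| PeerConnector.cc(187) negotiate: SSL_connect session=0x122c430...
2018/09/04 12:45:58.124 kid1| 83,5| bio.cc(140) read: FD 12 read 0 <= 65535
2018/09/04 12:45:58.124 kid1| 83,5| NegotiationHistory.cc(83) retrieveNegotiatedInfo: SSL connection info on FD 12 SSL version NONE/0.0 negotiated cipher
2018/09/04 12:45:58.124 kid1| ERROR: negotiating TLS on FD 12: error:00000000:lib(0):func(0):reason(0) (5/0/0)
2018/09/04 12:45:58.125 kid1| 83,5| PeerConnector.cc(559) callBack: TLS setup ended for local=10.240.180.31:43674 remote=103.243.13.183:443 FD 12 flags=1
"""

READ_RE = re.compile(r"bio\.cc\(\d+\) read: FD (\d+) read (-?\d+) <= (\d+)")
VERSION_RE = re.compile(r"SSL connection info on FD (\d+) SSL version (\S+)")
ERROR_RE = re.compile(
    r"^(\S+ \S+) kid\d+\| ERROR: negotiating TLS on FD (\d+): (\S+) \(([\d/-]+)\)")
END_RE = re.compile(r"TLS setup ended for local=(\S+) remote=(\S+) FD (\d+)")


def summarize_tls_failures(log_text):
    """Return one dict per 'ERROR: negotiating TLS' line, with per-FD context."""
    state = defaultdict(dict)  # facts seen so far for each FD
    pending = {}               # FD -> failure still waiting for its callBack line
    failures = []
    for line in log_text.splitlines():
        if m := READ_RE.search(line):
            state[m[1]]["last_read"] = int(m[2])
        elif m := VERSION_RE.search(line):
            state[m[1]]["tls_version"] = m[2]
        elif m := ERROR_RE.search(line):
            # FDs are reused, so the per-FD state is consumed by the error.
            rec = {"time": m[1], "fd": int(m[2]), "openssl_error": m[3],
                   "codes": m[4], "remote": None, **state.pop(m[2], {})}
            failures.append(rec)
            pending[m[2]] = rec
        elif (m := END_RE.search(line)) and m[3] in pending:
            pending.pop(m[3])["remote"] = m[2]
    return failures


if __name__ == "__main__":
    for failure in summarize_tls_failures(SAMPLE_LOG):
        print(failure)
```
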
