On 31/07/24 18:05, Jonathan Lee wrote:
The error it shows when I activate IPv6 only mode not dual stack is
There is no "IPv6 only mode" in Squid. What do you mean?
Error: no forward proxy ports configured
In the config you showed earlier all of your IPv6 listening ports use
the
On 31.07.24 15:22, Amos Jeffries wrote:
Debian/12 (aka "Bookworm") provides the package "squid-openssl" with
the SSL-Bump feature enabled. It is a drop-in replacement for the
"squid" package.
FYI this version is available since Debian 11, and build options include
both --with-openssl and
The error it shows when I activate IPv6 only mode not dual stack is
Error: no forward proxy ports configured
Squid terminated
Sent from my iPhone
> On Jul 30, 2024, at 20:16, Amos Jeffries wrote:
>
> On 30/07/24 08:47, Jonathan Lee wrote:
>> I did not know that I had the option set to
build one from source for yourself.
Regards,
Nishant
___
squid-users mailing list
squid-users@lists.squid-cache.org
<mailto:squid-users@lists.squid-cache.org>
https://lists.squid-cache.org/listinfo/squid-users
On 30/07/24 08:47, Jonathan Lee wrote:
I did not know that I had the option set to disable Squid ICMP pinger
pinger helper is not releted.
What I meant was that you need to ensure ICMPv6 protocol is enabled and
working on your network. That is usually a firewall issue.
If it is blocked,
t;
> --enable-ssl
> --enable-ssl-crtd
>
> You may want to build one from source for yourself.
>
> Regards,
> Nishant
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/lis
Hi John,
On 30/07/24 18:05, John Mok wrote:
Hi all,
I am using squid 5.7 on Debian Bookworm, and would like to setup a
transparent + SSL bump proxy.
Anyone can point to the right direction ?
Squid on Debian and Ubuntu do not have following options:
--enable-ssl
--enable-ssl-crtd
You may
Hi all,
I am using squid 5.7 on Debian Bookworm, and would like to setup a
transparent + SSL bump proxy.
Tried the example below, but squid failed to start when https_port
having "intercept ssl-bump"
https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
Anyone can point to the
-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On 27/07/24 10:10, Jonathan Lee wrote:
Hello fellow squid users can you please help me??
I know I have good IPV6 internet if I use the IPV4 proxy address, and
the IPv6 test sites pass 10 out of 10. If I make the client IPV6 only
and have the rules set to use the proxy with the proxy IPV6
Do I need to add ::1 as a http port? for transparent I can’t get anything to
work I sees the attempts with ipv6 pure mode however nothing connects..
[2001:470:8052:192::]:3128 is my proxy
I can’t get any connections from ipv6 only hosts.
I can get ipv4 all day and they can access ipv6 sites
Hello fellow squid users can you please help me??
I know I have good IPV6 internet if I use the IPV4 proxy address, and the IPv6
test sites pass 10 out of 10. If I make the client IPV6 only and have the rules
set to use the proxy with the proxy IPV6 address for the proxy I get no
internet.
I
__
squid-users mailing list
squid-users@lists.squid-cache.org
<mailto:squid-users@lists.squid-cache.org>
https://lists.squid-cache.org/listinfo/squid-users
<https://lists.squid-cache.org/listinfo/squid-users>
_
ers mailing list
squid-users@lists.squid-cache.org
<mailto:squid-users@lists.squid-cache.org>
https://lists.squid-cache.org/listinfo/squid-users
<https://lists.squid-cache.org/listinfo/squid-users>
___
squid-user
then I also recommend keeping a _constant_ number of helper
>> processes (instead of asking Squid to start many new helper processes at
>> the worse possible time -- when the load on Squid increases). To do that,
>> make startup and idle parameters the same as the max
ke startup and idle parameters the same as the maximum number of
> children.
>
>
> HTH,
>
> Alex.
> P.S. The credit for highlighting the correlation between winbindd errors
> and "auth_param ntlm children 500" goe
Hi
We have 5 squid workers, we need to handle around 8k concurrent users.
Based on this, what's the auth_param values that you recommend for
children, idle and startup?
How to know if the helper supports concurrent requests?
winbindd: Exceeding 500 client connections, no idle connection found
On 2024-07-23 19:20, Andre Bolinhas wrote:
winbindd: Exceeding 500 client connections, no idle connection found
auth_param ntlm children 500 ...
I know virtually nothing about WINDBIND and the authentication helper
you are using, but configuring Squid to have 500 helper processes is
On 2024-07-23, Andre Bolinhas wrote:
> I'm using SQUID 5.9 + windbindd 4.9.5, the authentication method is NTLM.
>
> Every day, around 5pm, the internet speed becomes very slow, with users
> reporting that websites takes too long to open.
>
> Also, the time that the issue occur is very strange,
NTICATED proxy_auth REQUIRED
> > # END NTLM Parameters ----
> > # Basic authentication for other browser that did not supports NTLM
> > auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> > auth_param basic children 60 startup=2 idle=1
> > auth_param basic realm Active Directory Basic Identification
> > auth_param basic credentialsttl 7200 seconds
> > authenticate_ttl 3600 seconds
> > authenticate_ip_ttl 1 seconds
> > authenticate_cache_garbage_interval 3600 seconds
> >
> > # ldap_auth_ad() EnableAdLDAPAuth = 0 - SKIP
> >
> > # ads groups OK
> >
> >
> >
> > # --
> >
> >
> >
> >
> > ___
> > squid-users mailing list
> > squid-users@lists.squid-cache.org
> > https://lists.squid-cache.org/listinfo/squid-users
>
>
>
> --
> Francesco
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Hi Andre,
The chain of services here is:
browser <-> squid <-> ntlm_auth <-> winbindd <-> active directory
In order to bisect the problem, could you try using `wbinfo -a` on one
of the affected machiens to authenticate against Active Directory and
see if the performance is on the winbindd <->
Hi Team.
I'm using SQUID 5.9 + windbindd 4.9.5, the authentication method is NTLM.
Every day, around 5pm, the internet speed becomes very slow, with users
reporting that websites takes too long to open.
Also, the time that the issue occur is very strange, since is when most
of the users are
On 2024-07-23 13:34, Anton Kornexl wrote:
Squid starts, shows a segmentation fault and continues working normally.
Squid forks a worker child and probably this child works, but the parent
process dies with segmentation fault. There is no sign of this
segmention fault in the cache log.
You
> The "segmentation fault" occurs even with squid -k parse.
> >
> > A "service squid reload" runs OK, but a "service squid restart"
> > produces this Segmentation fault.
> >
> > The problem did not exist with opnsense 23.x and an old
se.
> >
> > A "service squid reload" runs OK, but a "service squid restart"
> > produces this Segmentation fault.
> >
> > The problem did not exist with opnsense 23.x and an older squid.
> >
> > How can I debug this error probably in the p
On 20/07/24 03:19, Alex Rousskov wrote:
On 2024-07-19 09:20, Rafał Stanilewicz wrote:
Thank you. It worked.
Glad to hear that!
Seconded.
I incorrectly assumed all dependencies would be captured by aptitude
build-dep squid and ./configure.
AFAIK that is a correct assumption for
_
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On Mon, Jul 22, 2024 at 12:12 PM Anton Kornexl
wrote:
> Hello
>
> i try to use squid (6.10) with opnsense 24.x on freebsd 13-2-Release-p11.
>
> It produces a "segmentation fault" at start and restart but the process
> runs.
>
> The "segmentation fault" occurs even with squid -k parse.
>
> A
Hello
i try to use squid (6.10) with opnsense 24.x on freebsd 13-2-Release-p11.
It produces a "segmentation fault" at start and restart but the process
runs.
The "segmentation fault" occurs even with squid -k parse.
A "service squid reload" runs OK, but a "service squid restart" produces
On 2024-07-19 09:20, Rafał Stanilewicz wrote:
Thank you. It worked.
Glad to hear that!
I incorrectly assumed all dependencies would be captured by aptitude
build-dep squid and ./configure.
Your assumption is not wrong for dependencies that are necessary to
build and install Squid.
On 2024-07-19 05:04, Rafał Stanilewicz wrote:
Next step was make check, and it failed with this error:
../include/unitTestMain.h:16:10: fatal error:
cppunit/BriefTestProgressListener.h: No such file or directory
I found out that I need to do
apt install libcppunit-dev
So i did it.
I
Good morning Gentlemen,
that's my first time here, so please forgive me for any mistakes.
I decided to make a test run of Squid 7 on our test server, running Ubuntu
24.04, but stumbled upon some issue during the "make check" step
I downloaded the squid-7.0.0-20240706-r314e430471.tar.bz2,
(BTW -
Hi Eliezer,
Pls find my comments inline.
From: ngtech1...@gmail.com
Sent: Friday, July 19, 2024 12:51 AM
To: squid-users@lists.squid-cache.org
Cc: M, Anitha (CSS)
Subject: RE: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid
is crashing
18, 2024 7:24 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] Squid Version squid-5.7-150400.3.6.1.x86_64 -- Squid
is crashing continusly
Hi Team,
We are seeing squid is continuously crashing with signal 6. Any known issues
with this version? Pls help. Attached is the squid.conf
On 19/07/24 04:23, M, Anitha (CSS) wrote:
Hi Team,
We are seeing squid is continuously crashing with signal 6.
"signal 6" in system log means there should be an "assertion" error
message in the cache.log. Please look for that.
Any known
issues with this version?
Many. It is not clear
Hi Team,
We are seeing squid is continuously crashing with signal 6. Any known issues
with this version? Pls help. Attached is the squid.conf file we are using it.
regards,
Anitha
gl-mh-dcb-die-squidproxy01:~ # cat /etc/squid/squid.conf
# Recommended minimum configuration:
acl localnet src
On 2024-07-18 00:33, Jonathan Lee wrote:
What would be the correct way to convert cache_dir disks to rock?
One cannot convert a cache_dir of another type to rock cache_dir. You
will need to start from scratch, using a rock-dedicated cache_dir path
(initialized by running "squid -z" after
On 2024-07-18 00:25, Jonathan Lee wrote:
How do we enable tproxy in Squid
2024/07/17 21:22:41| Processing: http_port 127.0.0.1:3128 tproxy ...
...
2024/07/17 21:22:41| ERROR: configuration failure: requires TPROXY feature to
be enabled by ./configure
As strongly implied by the error
Squid 6.6
Hello fellow Squid users,
What would be the correct way to convert cache_dir disks to rock?
cache_dir diskd /var/squid/cache 64000 256 256
Would it be as simple as..
cache_dir rock /var/squid/cache 64000 256 256?
___
squid-users
How do we enable tproxy in Squid 6.6 in 5.8 we could just adapt the Squid.conf
and it would enable tproxy
2024/07/17 21:22:41| Processing Configuration File:
/usr/local/etc/squid/squid.conf (depth 0)
2024/07/17 21:22:41| Processing: http_port 192.168.1.1:3128 ssl-bump
NULL,
> #if USE_AUTH
> http->getConn() != NULL &&
> http->getConn()->getAuth() != NULL ?
> http->getConn()->getAuth() :
> http->request->auth_user_request);
> #else
>
y object loop!
>> 11.07.2024 11:36:49varyEvaluateMatch: Oops. Not a Vary match on second
>> attempt,
>> 'https://static.foxnews.com/static/strike/ver/foxnews/loader.global.js'
>> 'accept-encoding="gzip,%20deflate,%20br,%20zstd"'
>> 31.12.1969 16:00:00
>
>
>
> Cheers
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On 12/07/24 06:43, Jonathan Lee wrote:
What is Vary Object loop??
In HTTP URLs can point at a set or "variants" of a resource.
Squid "Vary Object" is an entry in the cache that is used to represent
these types of resource.
When the URL-only is looked up, the "Vary Object" is found and
What is Vary Object loop??
Does that mean clear my cache? Or is that something I am missing has anyone
else seen this?
11.07.2024 11:36:49 clientProcessHit: Vary object loop!
11.07.2024 11:36:49 varyEvaluateMatch: Oops. Not a Vary match on second
attempt,
Has anyone seen this before? on hits?
10.07.2024 09:56:30 clientProcessHit: Vary object loop!
10.07.2024 09:56:30 varyEvaluateMatch: Oops. Not a Vary match on second
attempt,
uest->auth_user_request);
#else
NULL);
#endif
node = (clientStreamNode *)http->client_stream.tail->data;
clientStreamRead(node, http, node->readBuffer);
}
void
ClientRequestContext::hostHeaderVerify()
-Original Message-
From: Alex Rou
On 2024-07-08 12:31, Jonathan Lee wrote:
I can confirm I have no ipv6 our isp is ipv4 only and I have IPv6
disabled on the firewall and with layer 2 and 3 traffic
This problem is not specific to any IP family/version.
Alex.
On Jul 8, 2024, at 09:15, Alex Rousskov
wrote:
On 2024-07-05
I can confirm I have no ipv6 our isp is ipv4 only and I have IPv6 disabled on
the firewall and with layer 2 and 3 traffic
Sent from my iPhone
> On Jul 8, 2024, at 09:15, Alex Rousskov
> wrote:
>
> On 2024-07-05 21:07, Jonathan Lee wrote:
>
>> I am using Bump with certificates installed on
On 2024-07-05 21:07, Jonathan Lee wrote:
I am using Bump with certificates installed on devices does anyone know
what this error is...
kick abandoning conn43723 local=192.168.1.1:3128
remote=192.168.1.5:52129 FD 178 flags=1
This "kick abandoning" message marks a Squid problem or bug:
TLS option
SINGLE_DH_USE
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
Hello fellow Squid Users
I am using Bump with certificates installed on devices does anyone know what
this error is...
kick abandoning conn43723 local=192.168.1.1:3128 remote=192.168.1.5:52129 FD
178 flags=1
Does anyone know how to fix my last weird error I have with Squid 6.6
This is my
37 flags=1:
>>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>>>> 03.07.2024 10:48:49ERROR: failure while accepting a TLS
>>>>>>>>>> connection on conn6440 local=192.168.1.1:3128
>>>>>>>&
accepting a TLS
>>>>>>>>> connection on conn6035 local=192.168.1.1:3128
>>>>>>>>> remote=192.168.1.5:49355 FD 226 flags=1:
>>>>>>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>
a certificate from was the non iMac
>>>>
>>>> The iMac keeps sending change cipher requests and wants TLS1.3 over and
>>>> over as soon as a TLS1.2 pops up it works
>>>>
>>>> That one has the certificate however that system the Toshiba do
s with this error. I highly suspect that I need to enable TLS1.3
>>> would you agree?
>>>
>>> -Original Message-
>>> From: Alex Rousskov
>>> Sent: Friday, July 5, 2024 11:02 AM
>>> To: squid-users
>>> Cc: Jonathan Lee
>&
as the certificate however that system the Toshiba does not have
>> any issues with this error. I highly suspect that I need to enable TLS1.3
>> would you agree?
>>
>> -Original Message-
>> From: Alex Rousskov
>> Sent: Friday, July 5, 2024 11:02 AM
>>
> -Original Message-
> From: Alex Rousskov
> Sent: Friday, July 5, 2024 11:02 AM
> To: squid-users
> Cc: Jonathan Lee
> Subject: Re: [squid-users] Squid Cache Issues migration from 5.8 to 6.6
>
> On 2024-07-05 12:02, Jonathan Lee wrote:
>
>&g
that I need to enable TLS1.3 would you
agree?
-Original Message-
From: Alex Rousskov
Sent: Friday, July 5, 2024 11:02 AM
To: squid-users
Cc: Jonathan Lee
Subject: Re: [squid-users] Squid Cache Issues migration from 5.8 to 6.6
On 2024-07-05 12:02, Jonathan Lee wrote:
> > Alex: I rec
On 2024-07-05 12:02, Jonathan Lee wrote:
> Alex: I recommend determining what that CA is in these cases (e.g., by
capturing raw TLS packets and matching them with connection information from
A000417 error messages in cache.log or %err_detail in access.log).
I have Wireshark running do I
Side note: I have just found while analyzing Wireshark packets that this
A000417 error only occurs with use of the iMac and the Safari browser, this
does not occur on Windows 10 with the Edge browser.
> On Jul 5, 2024, at 09:02, Jonathan Lee wrote:
>
> per
>
> As the next step in triage, I
per
As the next step in triage, I recommend determining what that CA is in these
cases (e.g., by capturing raw TLS packets and matching them with connection
information from A000417 error messages in cache.log or %err_detail in
access.log).
I have Wireshark running do I just look for
in principle or on some fundamental level.
Internal
-Original Message-
From: Alex Rousskov
Sent: Freitag, 5. Juli 2024 15:52
To: Wagner, Juergen03 ;
squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid as http to https forward proxy
CAUTION: This is an external email. Do not click
Thanks for the email and support with this. I will get wireshark running on the
client and get the info required. Yes the information prior is from the
firewall side outside of the proxy testing from the demilitarized zone area. I
wanted to test this first to rule that out as it’s coming in
did not work (in your specific tests), but _not_ because they
should not work in principle or on some fundamental level.
>>
Internal
-Original Message-
From: Alex Rousskov
Sent: Freitag, 5. Juli 2024 15:52
To: Wagner, Juergen03 ;
squid-users@lists.squid-cache.org
Subject: Re: [squid-
ed with debug_options set to ALL,9 while reproducing the problem
with a single test transaction may be the best next step.
HTH,
Alex.
-Original Message-
From: squid-users On Behalf Of Alex
Rousskov
Sent: Donnerstag, 4. Juli 2024 18:43
To: squid-users@lists.squid-cache.org
Subject:
On 2024-07-04 19:12, Jonathan Lee wrote:
You also stated .. " my current working theory suggests that we are
looking at a (default) signUntrusted use case.”
I noticed for Squid documents that default is now set to off ..
The http_port option you are looking at now is not the directive I was
Regards,
Juergen
Internal
-Original Message-
From: squid-users On Behalf Of Alex
Rousskov
Sent: Donnerstag, 4. Juli 2024 18:43
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Squid as http to https forward proxy
CAUTION: This is an external email. Do not click or open any at
024 10:38:04 ERROR: Unsupported TLS option SINGLE_DH_USE
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
___
squid-users mailing list
squid-users@li
d-cache.org
https://lists.squid-cache.org/listinfo/squid-users
_______
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
It does not recognize this directive
2024/07/04 16:16:46| Processing: url_rewrite_children 32 startup=8 idle=4
concurrency=0
2024/07/04 16:16:46| Processing: tls-default-ca on
2024/07/04 16:16:46| /usr/local/etc/squid/squid.conf(235): unrecognized:
'tls-default-ca’
Or with use of =
> On Jul
You also stated .. " my current working theory suggests that we are looking at
a (default) signUntrusted use case.”
I noticed for Squid documents that default is now set to off ..
http://www.squid-cache.org/Versions/v5/cfgman/http_port.html
; flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:47:57ERROR: failure while accepting a TLS connection
>>>>>>>> on conn5815 local=192.168.1.1:3128 remote=192.168.1.5:49297 FD 201
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:47:54ERROR: failure while accepting a TLS connection
>>>>>>>> on conn5760 local=192.168.1.1:3128 remote=192.168.1.5:49289 FD 195
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:47:52ERROR: failure while accepting a TLS connection
>>>>>>>> on conn5717 local=192.168.1.1:3128 remote=192.168.1.5:49284 FD 195
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:47:50ERROR: failure while accepting a TLS connection
>>>>>>>> on conn5552 local=192.168.1.1:3128 remote=192.168.1.5:49268 FD 142
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 03.07.2024 10:47:34kick abandoning conn5254 local=192.168.1.1:3128
>>>>>>>> remote=192.168.1.5:49209 FD 100 flags=1
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 03.07.2024 10:47:21kick abandoning conn5022 local=192.168.1.1:3128
>>>>>>>> remote=192.168.1.5:49167 FD 37 flags=1
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 03.07.2024 10:47:21kick abandoning conn5020 local=192.168.1.1:3128
>>>>>>>> remote=192.168.1.5:49165 FD 36 flags=1
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 03.07.2024 10:42:22WARNING: Forwarding loop detected for:
>>>>>>>> 03.07.2024 10:40:08ERROR: failure while accepting a TLS connection
>>>>>>>> on conn4955 local=192.168.1.1:3128 remote=192.168.1.5:52339 FD 98
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 03.07.2024 10:39:52kick abandoning conn4927 local=192.168.1.1:3128
>>>>>>>> remote=192.168.1.5:52331 FD 105 flags=1
>>>>>>>> 03.07.2024 10:39:09ERROR: failure while accepting a TLS connection
>>>>>>>> on conn4846 local=192.168.1.1:3128 remote=192.168.1.5:52314 FD 19
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:38:14ERROR: failure while accepting a TLS connection
>>>>>>>> on conn4650 local=192.168.1.1:3128 remote=192.168.1.5:52274 FD 35
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:38:08ERROR: failure while accepting a TLS connection
>>>>>>>> on conn4645 local=192.168.1.1:3128 remote=192.168.1.5:52272 FD 35
>>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>>>>>> 03.07.2024 10:38:04ERROR: Unsupported TLS option SINGLE_ECDH_USE
>>>>>>>> 03.07.2024 10:38:04ERROR: Unsupported TLS option SINGLE_DH_USE
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> 31.12.1969 16:00:00
>>>>>>>> ___
>>>>>>>> squid-users mailing list
>>>>>>>> squid-users@lists.squid-cache.org
>>>>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>>>>>
>>>>>
>>>
>>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
t;>>> on conn5760 local=192.168.1.1:3128 remote=192.168.1.5:49289 FD 195
>>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>>> 03.07.2024 10:47:52ERROR: failure while accepting a TLS connection
>>>>>>
gt;>> 03.07.2024 10:47:50ERROR: failure while accepting a TLS connection
>>>>>> on conn5552 local=192.168.1.1:3128 remote=192.168.1.5:49268 FD 142
>>>>>> flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>>>> 31.1
9 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-
0:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 03.07.2024 10:42:22WARNING: Forwarding loop detected for:
>>>> 03.07.2024 10:40:08ERROR: failure while accepting a TLS connection on
>>>> conn4955 local=192.168.1.1:3128 remote=192.168.1.5:52339 FD 98 flags=1:
>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>> 31.12.1969 16:00:00
>>>> 03.07.2024 10:39:52kick abandoning conn4927 local=192.168.1.1:3128
>>>> remote=192.168.1.5:52331 FD 105 flags=1
>>>> 03.07.2024 10:39:09ERROR: failure while accepting a TLS connection on
>>>> conn4846 local=192.168.1.1:3128 remote=192.168.1.5:52314 FD 19 flags=1:
>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>> 03.07.2024 10:38:14ERROR: failure while accepting a TLS connection on
>>>> conn4650 local=192.168.1.1:3128 remote=192.168.1.5:52274 FD 35 flags=1:
>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
>>>> 03.07.2024 10:38:08ERROR: failure while accepting a TLS connection on
>>>> conn4645 local=192.168.1.1:3128 remote=192.168.1.5:52272 FD 35 flags=1:
>>>> SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
>>>> 03.07.2024 10:38:04ERROR: Unsupported TLS option SINGLE_ECDH_USE
>>>> 03.07.2024 10:38:04ERROR: Unsupported TLS option SINGLE_DH_USE
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> ___
>>>> squid-users mailing list
>>>> squid-users@lists.squid-cache.org
>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
local=192.168.1.1:3128
>>>> remote=192.168.1.5:49165 FD 36 flags=1
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
>>>> 31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
31.12.1969 16:00:00
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-user
On 2024-07-04 12:36, Alex Rousskov wrote:
On 2024-07-04 10:58, Matus UHLAR - fantomas wrote:
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) >
On 2024-07-04 10:58, Matus UHLAR - fantomas wrote:
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone please confirm if the given setup is in principle
9 16:00:00
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On 2024-07-04 09:20, Wagner, Juergen03 wrote:
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client) > Squid ---> https ( server )
Could someone please confirm if the given setup is in principle
Hello forum,
we are evaluating Squid to be used as a http to https forward proxy.
So Squid would need to support the following setup:
http (client)> Squid ---> https ( server )
I have searched the mailing list and didn’t find a proper answer.
Could someone please confirm if the
I forgot to mention my certificates I use on squid was generated from this
method
openssl req -x509 -new -nodes -key myProxykey.key -sha256 -days 365 -out
myProxyca.pem
Sent from my iPhone
> On Jul 3, 2024, at 10:56, Jonathan Lee wrote:
>
> Hello fellow Squid users does anyone know how
Hello fellow Squid users does anyone know how to fix this issue?
Squid - Cache Logs
Date-Time Message
31.12.1969 16:00:00
03.07.2024 10:54:34 kick abandoning conn7853 local=192.168.1.1:3128
remote=192.168.1.5:49710 FD 89 flags=1
31.12.1969 16:00:00
03.07.2024 10:54:29
ore
than normal request?
Best regards
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://li
gt;>>
>>>>> https://i.postimg.cc/6QR79GWk/6e727e86-de3d-4f3b-bd9e-04c04052ca2e.jpg
>>>>>
>>>>> Now my question is:
>>>>> 1. What can cause this kind of issue? It's a squid server issue, network
>>>>
ore
than normal request?
Best regards
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://li
E_ABORTED requests is almost 4 time more than
normal request?
Best regards
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-us
ers mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
e this kind of issue? It's a squid server issue, network
> (firewall, switch, router, …), or client?
> 2. Why the number of NONE_ABORTED requests is almost 4 time more than normal
> request?
>
> Best regards
>
> _______
> squid-users mailing lis
Hi
Sometimes my users complains that the internet navigation thought Squid
is very slow.
After checking the access.log, I can see a lot of ABORTED messages like this
1715537802.589 2 10.103.12.94 NONE_NONE_ABORTED/200 0 CONNECT
api.telegram.org:443 - HIER_NONE/-:- -
On 4/05/24 11:17, Emre Oksum wrote:
>In this case, all your tcp_outgoing_addr lines being tested. Most of
>them will not match.
Sorry I'm not really a Squid guy I was working on it due to a job that I
took but I cannot figure this out. What do you mean most of them do not
match? Does it mean
rs
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On 4/05/24 09:48, Emre Oksum wrote:
Hi Amos,
>FTR, "debug_options ALL" alone is invalid syntax and will not change
>from the default cache.log output
Yes, you were right! I was surely missing on that one. I changed
debug_options ALL to debug_options ALL 5 and now, I found these warnings
in
>
>
> Cheers
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
utput.
>
>
> Cheers
> Amos
> ___
> squid-users mailing list
> squid-users@lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
>
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
On 4/05/24 08:33, Emre Oksum wrote:
Hi Jonathan,
>> Have you attempted to enable debugging ??
Yes, debugging was enabled but as I have pointed out, unfortunately it
didn't give any information about the issue.
Maybe I was missing something? I don't know. debug_options was ALL in my
g.
>>
>>
>> >
>> > I've tried to get a PCAP file and realized when client tries to connect
>> > with a new IPv6 address, Squid is not trying to open a new connection
>> > instead tries to resume a previously opened one on a different outgoing
>> >
1 - 100 of 19659 matches
Mail list logo