Hello Eliezer, all,
I removed the cipher and the problem is still there:

2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:05 kid1| Error negotiating SSL connection on FD 191: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:17 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:17 kid1| Error negotiating SSL connection on FD 198: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:18 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:18 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:19 kid1| Error negotiating SSL connection on FD 194: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:24 kid1| Error negotiating SSL connection on FD 163: Closed by client
2017/01/13 10:21:39 kid1| Error negotiating SSL connection on FD 250: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:42 kid1| Error negotiating SSL on FD 298: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
2017-01-13 10:21:53 [29866] Request(everyone/deny/-) https://accounts.youtube.com/accounts/CheckConnection?pmpo=https://accounts.google.com&v=-1574475776&timestamp=1484320896449 10.0.0.127/10.0.0.127 - GET REDIRECT
2017/01/13 10:21:56 kid1| Error negotiating SSL connection on FD 109: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:56 kid1| Error negotiating SSL connection on FD 309: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:22:25 kid1| Error negotiating SSL connection on FD 155: Closed by client

Thanks.

On Jan 12, 2017, at 7:28 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote:

Try removing:
cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH

From the ssl-bump line and see what happens.

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: elie...@ngtech.co.il

From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Sameh Onaissi
Sent: Thursday, January 12, 2017 11:10 PM
To: squid-users@lists.squid-cache.org
Subject: [squid-users] A bunch of SSL errors I am not sure why

System info:
Squid Cache: Version 3.5.22
Ubuntu linux 16.04

Hello,

Last couple of days I have started seeing SSL errors in my cache.log which I don’t really understand:
http://pastebin.com/mDHVm7cQ

My SSL bump configs:

http_port 3127 intercept
http_port 3128
https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_certs/squid.crt key=/etc/squid/ssl_certs/squid.key cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
acl step1 at_step SslBump1
acl step2 at_step SslBump2
acl step3 at_step SslBump3
ssl_bump peek step1 all
ssl_bump bump all

I have tried deleting /var/lib/ssh_db and recreating a fresh one, restarted squid, and no luck.

While the service still works fine, some websites like https://web.dlinkla.com/websys were showing a handshake error until I added the site IP into a bypass list. The internet speed also drops every now and then due to this.

Any help is appreciated with these errors.

Thanks,
Sam
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
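
A triage sketch for the cache.log errors quoted in this thread, added here as an example and not part of the original messages or of Squid: it decodes the OpenSSL error code to tell a TLS alert received from the peer apart from a local verification failure. It assumes the OpenSSL 1.0.x error packing (the low 12 bits are the reason, and reasons of 1000 and above are 1000 plus the TLS alert number) and that Squid 3.5 logs "Error negotiating SSL connection on FD" for the client-to-Squid handshake and "Error negotiating SSL on FD" for the Squid-to-server handshake. The sample lines are constructed from the format shown above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the cache.log format quoted in this thread.
SAMPLE_LOG = """\
2017/01/13 10:20:50 kid1| Error negotiating SSL connection on FD 138: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca (1/0)
2017/01/13 10:21:05 kid1| Error negotiating SSL connection on FD 191: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown (1/0)
2017/01/13 10:21:24 kid1| Error negotiating SSL connection on FD 163: Closed by client
2017/01/13 10:21:42 kid1| Error negotiating SSL on FD 298: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (1/-1/0)
"""

# Group 1: "connection " (present only on the client-facing message, assumption above).
# Groups 2-4: packed error code, OpenSSL function, reason text. Group 5: non-OpenSSL text.
LINE_RE = re.compile(
    r"Error negotiating SSL (connection )?on FD \d+: "
    r"(?:error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*?) \(|(.*))")

ALERT_OFFSET = 1000  # OpenSSL SSL_AD_REASON_OFFSET


def classify(line):
    """Return (direction, kind, detail) for a handshake error line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    side = "client->squid" if m.group(1) else "squid->server"
    if m.group(2) is None:
        return (side, "no-openssl-error", m.group(5).strip())
    reason = int(m.group(2), 16) & 0xFFF  # low 12 bits of the packed code
    if reason >= ALERT_OFFSET:
        # The peer sent a TLS alert; report its alert number.
        return (side, "peer-alert-%d" % (reason - ALERT_OFFSET), m.group(4))
    # Otherwise the failure was raised locally, inside the named function.
    return (side, "local-%s" % m.group(3), m.group(4))


def summarize(text):
    """Count each distinct classification over a whole log excerpt."""
    return Counter(c for c in map(classify, text.splitlines()) if c)


if __name__ == "__main__":
    for key, count in summarize(SAMPLE_LOG).most_common():
        print(count, *key)
```

Alerts 48 (unknown_ca) and 46 (certificate_unknown) on the client side mean the client rejected the certificate Squid presented, while the verify-failed entry is Squid rejecting the origin server's chain.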