Thanks Alex, How do I enable all 9 debugging to find out what client ip it is thats sending all these tls errors.
There's a lot of mac/pcs that are connected to this squid server and I have added the myca.der file to there machines as I'm doing ssl bumping. Thanks, Rob On Wed, 30 Jun 2021, 16:16 Alex Rousskov, <rouss...@measurement-factory.com> wrote: > On 6/30/21 6:41 AM, robert k Wild wrote: > > > never really noticed this as i rarely "tail -f" the cache log but im > > noticing these lines like every second > > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 266: > > error:00000001:lib(0):func(0):reason(1) (1/-1) > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 270: > > error:00000001:lib(0):func(0):reason(1) (1/-1) > > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 285: > > error:00000001:lib(0):func(0):reason(1) (1/0) > > > is this something to be worried about > > IMHO, you should worry about two things, at least: > > 1) The fact that you did not know about Squid complaints, especially > frequent ones. I do not think that constantly watching "tail -f" is the > answer here, but something in your Squid administration approach should > change to prevent similar lack of problem awareness in the future. > > 2) The fact that your Squid is complaining about something every second. > If the actual problem behind these errors does not deserve your > attention, then Squid should not be logging it at level 1 (and you > should complain that it does). Otherwise, the problem itself should be > addressed. > > As for the error itself, it looks like your Squid cannot negotiate TLS > with some client(s). I do not know whether it is Squid's fault or the > client's. Enabling "ALL,9" debugging for a few seconds should be > sufficient to identify the client (at least by its IP address), which > may be enough to understand why the negotiation fails (or to give you > enough information to collect more details for triage). > > > HTH, > > Alex. > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users