Cool, so I put this in squid.conf debug_options 9
And then restart squid and tail the cache.log On Wed, 30 Jun 2021, 16:48 robert k Wild, <robertkw...@gmail.com> wrote: > Thanks Alex, > > How do I enable all 9 debugging to find out what client ip it is thats > sending all these tls errors. > > There's a lot of mac/pcs that are connected to this squid server and I > have added the myca.der file to there machines as I'm doing ssl bumping. > > Thanks, > Rob > > > > On Wed, 30 Jun 2021, 16:16 Alex Rousskov, < > rouss...@measurement-factory.com> wrote: > >> On 6/30/21 6:41 AM, robert k Wild wrote: >> >> > never really noticed this as i rarely "tail -f" the cache log but im >> > noticing these lines like every second >> >> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 266: >> > error:00000001:lib(0):func(0):reason(1) (1/-1) >> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 270: >> > error:00000001:lib(0):func(0):reason(1) (1/-1) >> > 2021/06/30 11:39:13 kid1| Error negotiating SSL connection on FD 285: >> > error:00000001:lib(0):func(0):reason(1) (1/0) >> >> > is this something to be worried about >> >> IMHO, you should worry about two things, at least: >> >> 1) The fact that you did not know about Squid complaints, especially >> frequent ones. I do not think that constantly watching "tail -f" is the >> answer here, but something in your Squid administration approach should >> change to prevent similar lack of problem awareness in the future. >> >> 2) The fact that your Squid is complaining about something every second. >> If the actual problem behind these errors does not deserve your >> attention, then Squid should not be logging it at level 1 (and you >> should complain that it does). Otherwise, the problem itself should be >> addressed. >> >> As for the error itself, it looks like your Squid cannot negotiate TLS >> with some client(s). I do not know whether it is Squid's fault or the >> client's. Enabling "ALL,9" debugging for a few seconds should be >> sufficient to identify the client (at least by its IP address), which >> may be enough to understand why the negotiation fails (or to give you >> enough information to collect more details for triage). >> >> >> HTH, >> >> Alex. >> _______________________________________________ >> squid-users mailing list >> squid-users@lists.squid-cache.org >> http://lists.squid-cache.org/listinfo/squid-users >> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
