Re: [squid-users] SSL Stops responding

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 23 Jan 2011 16:24:24 +1300

On 20/01/11 10:53, James P. Ashton wrote:
> Hi all,
> It appears that after about 2 months of up time I had a pair of squid servers stop servicing SSL at the same time. Both are running CentOS 5.5 fully updated.
>
> Version: 3.0.STABLE25-1.el5 (from the rpmforge repository)
>
> Servers are default CentOS 5.5 install with no packages or package groups installed outside of base. Only squid from rpmforge.
> They are Dell 2950s with Solid state cache drives. 16G of ram each.
> They are running in accelerator mode. The config is posted below.
> They are behind a load balancer. The traffic to about a dozen sites is balanced across these 2 servers.
>
> No errors in the error log, no errors in the cache log and nothing in the access log other than no requests for any SSL domains. It appears as if the requests were simply not getting to squid.
>
> Netstat showed 2 connections to port 443. Both were off-site addresses.

You mean the visitor was "off-site" or the destination site was not one
of yours?

NP: your last http_access rule is "deny purge" instead of "deny all"
which means the implicit default is "allow all". The accel flags should
have blocked direct access, but someone may have found a way around that.

>
> Restarting squid solved the issue. Connections were getting through immediately.
>
> All this time non SSL (Port 80 / HTTP) requests were working with no problems.
>
>
> Any thoughts on this?

Something weird with the certificates? Or maybe something worse with the
listening socket in the stack level?

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Sun Jan 23 2011 - 03:24:31 MST
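
Added example, not part of the original message: a small Python check for the http_access point raised in the reply, where a list ending in "deny purge" leaves an implicit "allow" for anything that matches no rule. The sample config and ACL names are constructed (the poster's squid.conf is not in the thread), and the sketch models only http_access ordering, not the accel port flags.

```python
# Constructed sample config; the poster's actual squid.conf is not in the thread.
SAMPLE_CONF = """\
acl our_sites dstdomain .example.com
acl purge method PURGE
acl localhost src 127.0.0.1/32
http_access allow our_sites
http_access allow purge localhost
http_access deny purge
"""

def http_access_rules(conf_text):
    """Return [(action, [acl, ...])] for each http_access line, in file order."""
    rules = []
    for raw in conf_text.splitlines():
        parts = raw.split()  # comment lines start with '#', so parts[0] never matches
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((parts[1], parts[2:]))
    return rules

def implicit_default(rules):
    """Fall-through result: the opposite of the last rule, or deny if there are none."""
    if not rules:
        return "deny"
    return "allow" if rules[-1][0] == "deny" else "deny"

def decide(rules, matching_acls):
    """First rule whose ACLs all match wins (ACLs on one line are ANDed; '!' negates)."""
    matched = set(matching_acls) | {"all"}  # the 'all' ACL matches every request
    for action, acls in rules:
        if all((a[1:] not in matched) if a.startswith("!") else (a in matched) for a in acls):
            return action
    return implicit_default(rules)

def ends_with_deny_all(rules):
    """True when the list ends in an explicit catch-all deny."""
    return bool(rules) and rules[-1] == ("deny", ["all"])

if __name__ == "__main__":
    rules = http_access_rules(SAMPLE_CONF)
    print("ends with 'deny all':", ends_with_deny_all(rules))
    print("implicit default:", implicit_default(rules))
    # A GET for a domain that is not one of ours matches no rule at all.
    print("unmatched GET ->", decide(rules, []))
    fixed = http_access_rules(SAMPLE_CONF + "http_access deny all\n")
    print("unmatched GET after adding 'deny all' ->", decide(fixed, []))
```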
