[squid-users] HTTPS CONNECT Failing - Squid 3.3.4

From: tomsl <tom_at_signagelive.com>
Date: Fri, 25 Apr 2014 08:26:15 -0700 (PDT)

I have Squid 3.3.4 running on Ubuntu 12.04. For some clients, it looks like
they cannot establish an SSL connection so I assume that HTTPS CONNECT is
failing. These are embedded linux devices (I think) and I cannot get any
logs from them so I am finding it difficult to debug. I have tried many
different options on the https_port line.

My https_port line is currently:

https_port 443 accel cert=/root/ssl/cert.pem
cipher=RC4-MD5:RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA
defaultsite=mysite.mydomain.com

The only relevant information that I can get from the logs is:

2014/04/25 14:57:07.598| TcpAcceptor.cc(197) doAccept: New connection on FD
31
2014/04/25 14:57:07.598| TcpAcceptor.cc(272) acceptNext: connection on
local=[::]:443 remote=[::] FD 31 flags=9
2014/04/25 14:57:07.598| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth0
2014/04/25 14:57:07.598| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth1
2014/04/25 14:57:07.598| Eui48.cc(537) lookup: 10.189.246.4 NOT found
-----BEGIN SSL SESSION PARAMETERS-----
MIGLAgEBAgIDAwQCAC8EILteDsmKzo2zRpPdTooen622XmoPOJ+EuE58nSIpKQ3E
BDBmI+cJ09OOG1hxtpjXqfv9ZjCUHAH0uaI7JJnB5DQb44Lu69fk/GpbT8mNj8fq
yuShBgIEU1p3w6IEAgIBLKQCBACmGAQWYnN0ZXN0LnNpZ25hZ2VsaXZlLmNvbQ==
-----END SSL SESSION PARAMETERS-----
2014/04/25 14:57:08.294| client_side.cc(3528) clientNegotiateSSL:
clientNegotiateSSL: New session 0x7fb05d661640 on FD 10 (10.189.246.4:11885)
2014/04/25 14:57:08.294| client_side.cc(3532) clientNegotiateSSL:
clientNegotiateSSL: FD 10 negotiated cipher AES128-SHA
2014/04/25 14:57:08.294| client_side.cc(3548) clientNegotiateSSL:
clientNegotiateSSL: FD 10 has no certificate.
2014/04/25 14:57:09.607| client_side.cc(784) swanSong:
local=10.179.64.91:443 remote=10.189.246.4:11885 flags=1
2014/04/25 14:57:40.823| TcpAcceptor.cc(197) doAccept: New connection on FD
31
2014/04/25 14:57:40.823| TcpAcceptor.cc(272) acceptNext: connection on
local=[::]:443 remote=[::] FD 31 flags=9
2014/04/25 14:57:40.823| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth0
2014/04/25 14:57:40.823| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth1
2014/04/25 14:57:40.823| Eui48.cc(537) lookup: 10.189.246.4 NOT found
-----BEGIN SSL SESSION PARAMETERS-----
MIGLAgEBAgIDAwQCAC8EIPxjUMDi/iO1LHDWTiThHx7h03nX0UK+fFMeDVfVYeLz
BDBloBIgFujdopEW5miRzGqJQ4cwfQrh6gAoZcL5Bt1jOvv3+9VV0uwh+Gext4wQ
FJ+hBgIEU1p35KIEAgIBLKQCBACmGAQWYnN0ZXN0LnNpZ25hZ2VsaXZlLmNvbQ==
-----END SSL SESSION PARAMETERS-----
2014/04/25 14:57:41.086| client_side.cc(3528) clientNegotiateSSL:
clientNegotiateSSL: New session 0x7fb05d661cc0 on FD 10 (10.189.246.4:37412)
2014/04/25 14:57:41.087| client_side.cc(3532) clientNegotiateSSL:
clientNegotiateSSL: FD 10 negotiated cipher AES128-SHA
2014/04/25 14:57:41.087| client_side.cc(3548) clientNegotiateSSL:
clientNegotiateSSL: FD 10 has no certificate.
2014/04/25 14:57:42.448| client_side.cc(784) swanSong:
local=10.179.64.91:443 remote=10.189.246.4:37412 flags=1
2014/04/25 14:58:13.909| TcpAcceptor.cc(197) doAccept: New connection on FD
31
2014/04/25 14:58:13.909| TcpAcceptor.cc(272) acceptNext: connection on
local=[::]:443 remote=[::] FD 31 flags=9
2014/04/25 14:58:13.909| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth0
2014/04/25 14:58:13.909| Eui48.cc(262) lookup: Looking up ARP address for
10.189.246.4 on eth1
2014/04/25 14:58:13.909| Eui48.cc(537) lookup: 10.189.246.4 NOT found

Web browsers work with no issues, as do other non-pc devices.

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/HTTPS-CONNECT-Failing-Squid-3-3-4-tp4665691.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Fri Apr 25 2014 - 15:26:59 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 27 2014 - 12:00:05 MDT