Hi Amos/All,
I am running a 3.2 snapshot in production (with a 2.7 as a fallback)
with ssl-bump and dynamic cert generation. For some SSL sites, we are
getting the following in cache.log:
2012/02/05 10:23:03 kid1| fwdNegotiateSSL: Error negotiating SSL
connection on FD 33: error:00000000:lib(0):func(0):reason(0) (5/0/0)
and a
The system returned: (71) Protocol error
from squid in the browser.
One example I know can reproduce this every time is:
https://applyonline.abbeynational.co.uk/olaWeb/OLALogonServlet?action=prepare&application=OnlineBankingRegistrationServlet&js=on
which is the "Register" link from Santander's online banking logon page
(noone can logon to their Santander banking either, and we see the same
in the logs).
we have also had to exclude the following domains from bumping for the
same reason:
.threadneedle.co.uk
.santander.co.uk
.bankline.rbs.com
.socgen.com
.mandg.co.uk
Other SSL sites bump fine so I'm not sure what is happening here.
Cheers
Alex