There has been a change in behaviour in 3.5.4. It now really does prefer
to contact a site using an ipv6 address rather than a v4. The network
stack here doesn't permit v6 so the traffic to sites such as google was
failing. Setting the following restored the previous behaviour:
dns_v4_first on
Thanks to Dan Charlesworth for pointing me in the correct direction.
Chris
On 03/05/15 18:01, Chris Palmer wrote:
Two other reports of the same problem (accessing some SSL sites) after
upgrading to Squid 3.5.4...
https://bugs.archlinux.org/task/44811
I'm at a bit of a loss to know where to start looking.
Just in case, I tried disabling ICAP (was using it for clamav) but no
difference.
Chris
Send squid-users mailing list submissions to
Date: Sat, 2 May 2015 12:07:13 +0100
From: "Chris Palmer" <chris9@xxxxxxxxxxxxx>
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: 3.5.4 Can't access Google or Yahoo SSL pages
Message-ID: <4d032c7eb0e7e4d04a3583b16bca73ff.squirrel@xxxxxxxxxxxxx>
Content-Type: text/plain;charset=iso-8859-1
I just built 3.5.4 and deployed (on FC21). Most pages work, but SSL to
e.g. Google and Yahoo fail. It is easily provoked by simply using the
search bar in firefox or IE.
Cache.log contains entries such as
2015/05/02 11:51:34 kid1| local=[::] remote=[2a00:1450:400c:c05::93]:443
FD 13 flags=1: read/write failure: (107) Transport endpoint is not
connected
Most SSL sites are ok, and all non-SSL sites I have tried. I am not
using
SSL-Bump.
It was built using eactly the same options as 3.5.3. Anyone else
experiencing this? Otherwise I will have to dig deeper...
Many thanks
Chris
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
