On 23/05/2016 8:18 p.m., Sagar Malve wrote: > Hi Team, > > Squid - Version 3.5.13 > > > Please find the below Squid Cache Logs > 2016/05/23 13:35:55 kid1| Error negotiating SSL connection on FD 138: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) > 2016/05/23 13:35:55 kid1| Error negotiating SSL connection on FD 457: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) > 2016/05/23 13:36:00 kid1| Error negotiating SSL connection on FD 33: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) > 2016/05/23 13:36:01 kid1| Error negotiating SSL connection on FD 438: > error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca (1/0) > 2016/05/23 13:36:05 kid1| Error negotiating SSL connection on FD 555: (104) > Connection reset by peer <snip> > > ----------------------------Cache log End > -------------------------------------- > > Do we need to update openssl? I got to know these from the forum previous > post .... > If we need to update the openssl then where can we find the updated version > of CA Certs .... > OpenSSL and the global "Trusted CA" certificates are separate things. Keeping either of those to date would be a good idea even if doing so does not solve your issue. Whatever provider was used to get your current versions should have the latest available if you need updates. You do need to upgrade your Squid though. Current stable is 3.5.19. If the problems persist with that, you may want to try a 4.x beta release. There are additional fixes only available there that might be of use. Your current 3.5.13 version and all later ones contain the <http://www.squid-cache.org/Doc/config/sslproxy_foreign_intermediate_certs/> directive for loading intermediate CA certs that some servers do not provide. You can find talk about it and an archive maintained by Yuri in other recent threads on this list. That can resolve some of the "unknown ca" occurances. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
