Notice, it appears on both http/https ports Transparent Ports are freezing each 10 minutes. I mention that in normal port there is no issue, the issue can be generated only on transparent mode. De : squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] De la part de David Touzeau Hi I’m using Squid Cache: Version 4.0.22 in transparent method After several times the SSL port going into « freeze mode » and write in logs 1516660011.849 000000 192.168.1.214 NONE/000 0 NONE error:transaction-end-before-headers – Doing a squid -k reconfigure release all freeze requests and proxy run in normal behavior and return back to freeze mode after 1 or 2 hours How to fix this issue ? Using the defined configuration : http_port 192.168.1.1:50634 intercept disable-pmtu-discovery=transparent name=MyPortNameID27 https_port 192.168.1.1:50635 intercept disable-pmtu-discovery=transparent name=MyPortNameID28 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid3/ssl/cb623e9bf c65772f68b84393604cd6ea.dyn tls-dh=/etc/squid3/ssl/dhparam.pem sslcrtd_program /lib/squid3/security_file_certgen -s /var/lib/squid/session/ssl/ssl_db -M 8MB sslcrtd_children 16 startup=5 idle=1 acl FakeCert ssl::server_name .apple.com acl FakeCert ssl::server_name .icloud.com acl FakeCert ssl::server_name .mzstatic.com acl FakeCert ssl::server_name .dropbox.com acl ssl_step1 at_step SslBump1 acl ssl_step2 at_step SslBump2 acl ssl_step3 at_step SslBump3 ssl_bump peek ssl_step1 ssl_bump splice GlobalWhitelistDSTNet ssl_bump splice GlobalWhitelistDomainsRx ssl_bump splice GlobalWhitelistDomains ssl_bump splice FakeCert ssl_bump splice all |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users