I was using squid 3.5.20 I encountered an issue running out of File Descriptors on Centos7, the scebario was that sockets would be abandoned in a "CLOSE_WAIT" state forever until the server ran out of FD's. Searching I found the following BUG. https://bugs.squid-cache.org/show_bug.cgi?id=4508 This is listed as being a fix at 3.5.25, so I installed that version, once installed the FD problem seemed to be resolved, but now there is another issue "Default Value: host_verify_strict off" seems to be lost, in my access logs I get an number of entries: 2018-02-07 17:10:42 0 10.x.x.x TAG_NONE/409 3941 CONNECT sqs.us-west-2.amazonaws.com:443 sqs.us-west-2.amazonaws.com HIER_NONE/- text/html Cache logs I get: 2018/02/07 17:57:45 kid1| SECURITY ALERT: on URL: sqs.us-west-2.amazonaws.com:443 And the clients making those requests tend to see dropped connections with a "SSL: UNKNOWN_PROTOCOL" error. I tried setting the value "host_verify_strict off" but it did not appear to have any effect. It looks like this fix for the File Descriptors has broken something else. Thanks. Steven Oakley. -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
