OK this may be irrelevant to the "host_verify_strict" setting, its just when I looked at the messages like "2018/02/07 17:57:45 kid1| SECURITY ALERT: on URL: sqs.us-west-2.amazonaws.com:443" in the cache.log it led me to believe this was a feature of "RFC 2616 section 14.23" and that the default setting of host_verify_strict off would log these errors and allow access to these sites. On 3.5.20 the access log appeared to have very few 409 status returns. Since going to 3.5.25 and now 3.5.27 incase recent changes fixed the behavior I was seeing there are many 409 status returned in the logs and many more SSL issues talking to sites like AWS that use a number of IP address's that might not be able to be verified. It seems either I use 3.5.20 and restart squid when the FD's get close to maximum or I have these SSL problems with client connections, what is needed to try and investigate this further as it appears to have changed with the bug fix 4508. Thanks. Steve. -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
