Search squid archive

Re: Default host_verify_strict behavior appears to have changed as of 3.5.25

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



OK this may be irrelevant to the "host_verify_strict" setting, its just when
I looked at the messages like "2018/02/07 17:57:45 kid1| SECURITY ALERT: on
URL: sqs.us-west-2.amazonaws.com:443" in the cache.log it led me to believe
this was a feature of "RFC 2616 section 14.23" and that the default setting
of host_verify_strict off would log these errors and allow access to these
sites.

On 3.5.20 the access log appeared to have very few 409 status returns.

Since going to 3.5.25 and now 3.5.27 incase recent changes fixed the
behavior I was seeing there are many 409 status returned in the logs and
many more SSL issues talking to sites like AWS that use a number of IP
address's that might not be able to be verified.

It seems either I use 3.5.20 and restart squid when the FD's get close to
maximum or I have these SSL problems with client connections, what is needed
to try and investigate this further as it appears to have changed with the
bug fix 4508.

Thanks.

Steve.



--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux