On 7/06/19 6:50 pm, Techie wrote: > Hello, > > Previously running squid 3.1 on Centos 6, recently went to Centos7 with > squid 3.5. > Since the upgrade I have been receiving SSL errors connecting to https > sites. > > I notice in the log for squid 3.1I have entries like this when hitting > https sites > 172.16.80.25 TCP_MISS/200 6086 CONNECT www.securesite.com:443 > <http://www.securesite.com:443> - DIRECT/x.x.x.x > > Now they look to be utilizing TCP_TUNNEL as seen below with squid 3.5 > 192.168.2.10 TCP_TUNNEL/200 4371 CONNECT www.securesite.com:443 > <http://www.securesite.com:443> - HIER_DIRECT/x.x.x.x > > Is there a way to disable the TCP_TUNNEL feature? The "MISS" earlier was always a lie, implying that the cache had some involvement. These transactions are simply not involving cache in any way. The old version log entries that had CONNECT method with "TCP_MISS" are identical to what the newer versions log as CONNECT with "TCP_TUNNEL" If you are seeing "TUNNEL" logged, then Squid is not touching that traffic at all. Any TLS/SSL problems are an issue between the client and server directly talking that protocol to each other - Squid is irrelevant to traffic problems. If you are okay telling us what HTTPS errors exactly are showing up perhaps someone may be able to help with or at least identify where the problem actually is. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users