On 9/3/19 7:47 AM, KOTOXJle6 wrote: > I have this errors in /var/log/squid/cache.log > > /ERROR: negotiating TLS on FD 46: error:1425F175:SSL > routines:ssl_choose_client_version:inappropriate fallback (1/-1/0)/ According to the discussion linked below, these errors may be "normal": https://security.stackexchange.com/questions/160922/ssl-error-inappropriate-fallback-and-tls-fallback-scsv To confirm that they are normal, you would need to isolate traffic from the affected client and see whether its previous connection or tunneling attempt has failed for some reason. > /ERROR: negotiating TLS on FD 104: error:14094410:SSL > routines:ssl3_read_bytes:sslv3 alert handshake failure (1/-1/0) > / > > /ERROR: negotiating TLS on FD 27: error:1423406E:SSL > routines:tls_parse_stoc_sct:bad extension (1/-1/0)/ A similar problem was discussed at http://lists.squid-cache.org/pipermail/squid-users/2019-April/020506.html If your OpenSSL installation is reasonably fresh, then you will need to isolate the failure to where you can connect TCP packet samples and/or Squid debugging logs. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
