Hey Sachin, What's the issue? That the logs don't reflect the reality? Thanks, Eliezer From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of sachin gupta Sent: Thursday, May 25, 2023 18:21 To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: TCP_TUNNEL/500 in squid logs in squid 5.9 Hi All We are migrating for squid 4.15 to squid 5.9. We are running our existing test suite to check if we pass our sanity testing. For requests in transparent mode, though request passes and client get 200, in squid logs we are getting TCP_TUNNEL/500. We were not getting this issue with squid 4.15. Client logs curl -v https://origin/cache/0 * Trying 10.80.96.68:443... * TCP_NODELAY set * Connected to origin (10.80.96.68) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-SHA * ALPN, server did not agree to a protocol * Server certificate: * subject: C=US; ST=CA; L=SF; O=SFDC; OU=0:ns.tester;1:mvp;2:mist51;3:na44;4:dev1; CN=origin * start date: Jul 26 06:59:41 2022 GMT * expire date: Jul 26 06:59:41 2023 GMT * subjectAltName: host "origin" matched cert's "origin" * issuer: C=US; ST=CA; L=SF; O=SFDC; OU=Edge; CN=ca * SSL certificate verify ok. > GET /cache/0 HTTP/1.1 > Host: origin > User-Agent: curl/7.67.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: origin < Date: Thu, 25 May 2023 15:08:57 GMT < Connection: close < Content-Type: application/json < Content-Length: 162 < Cache-Control: public, max-age=0 < Access-Control-Allow-Origin: * < Access-Control-Allow-Credentials: true < {"args":{},"headers":{"Accept":"*/*","Host":"origin","User-Agent":"curl/7.67.0","X-Origin-Server":"origin"},"origin":"10.80.96.3","url":"https://origin/cache/0"} * Closing connection 0 * TLSv1.2 (OUT), TLS alert, close notify (256): Squid access logs [25/May/2023:15:08:57] 31 http://10.80.96.6:51028 - NONE_NONE/000 0 CONNECT http://10.80.96.68:443 tester HIER_NONE/- - - tester 746573746572 dagobah [-] - [-] - [-] - 0 0 - - [origin] [25/May/2023:15:08:57] 40 http://10.80.96.6:51028 - TCP_TUNNEL/500 800 CONNECT origin:443 tester HIER_DIRECT/origin 10.80.96.68 - tester 746573746572 dagobah [-] - [-] - [-] - 1969 2769 4 33 [origin] Can someone please help in this. Regards Sachin _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
