Squid tls issues after upgrade

Started by F00d3r, February 11, 2024, 05:19:08 PM

Hello,

after upgrading to the 24 release and Squid 6.6, the TLS filtering stopped working for me. As soon as I enable the TLS filtering, every connection gets bumped, regardless of the config, and in the cache log the following error message shows up for every connection:

kid1| ERROR: failure while accepting a TLS connection on conn3061 local=x.x.x.x:443 remote=x.x.x.x:34312 FD 38 flags=33: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000416+TLS_IO_ERR=1

As soon as I uncheck the 'Enable SSL inspection' option within the forward proxy tab, squid starts working correctly.

Any ideas?

Bests,
F00d3r

Did you find a solution to this?
I've just set up a fresh install and am getting the same error.

I am also getting this error with pfSense plus


Squid - Cache Logs
Date-Time Message
03.07.2024 10:54:34 kick abandoning conn7853 local=192.168.1.1:3128 remote=192.168.1.5:49710 FD 89 flags=1
03.07.2024 10:54:29 kick abandoning conn7844 local=192.168.1.1:3128 remote=192.168.1.5:49702 FD 81 flags=1
03.07.2024 10:54:09 ERROR: failure while accepting a TLS connection on conn7648 local=192.168.1.1:3128 remote=192.168.1.5:49672 FD 44 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:54:09 ERROR: failure while accepting a TLS connection on conn7647 local=192.168.1.1:3128 remote=192.168.1.5:49670 FD 43 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:54:09 ERROR: failure while accepting a TLS connection on conn7646 local=192.168.1.1:3128 remote=192.168.1.5:49668 FD 34 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:53:04 ERROR: failure while accepting a TLS connection on conn7367 local=192.168.1.1:3128 remote=192.168.1.5:49627 FD 22 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:52:47 ERROR: failure while accepting a TLS connection on conn7345 local=192.168.1.1:3128 remote=192.168.1.5:49618 FD 31 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:52:38 ERROR: failure while accepting a TLS connection on conn7340 local=192.168.1.1:3128 remote=192.168.1.5:49616 FD 45 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:52:34 ERROR: failure while accepting a TLS connection on conn7316 local=192.168.1.1:3128 remote=192.168.1.5:49609 FD 45 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:51:55 WARNING: Error Pages Missing Language: en-us
03.07.2024 10:51:55 ERROR: loading file '/usr/local/etc/squid/errors/en-us/ERR_ZERO_SIZE_OBJECT': (2) No such file or directory
03.07.2024 10:51:44 ERROR: failure while accepting a TLS connection on conn7102 local=192.168.1.1:3128 remote=192.168.1.5:49574 FD 34 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:51:28 ERROR: failure while accepting a TLS connection on conn7071 local=192.168.1.1:3128 remote=192.168.1.5:49568 FD 92 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:50:29 ERROR: failure while accepting a TLS connection on conn6944 local=192.168.1.1:3128 remote=192.168.1.5:49534 FD 101 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:49:54 ERROR: failure while accepting a TLS connection on conn6866 local=192.168.1.1:3128 remote=192.168.1.5:49519 FD 31 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:49:38 ERROR: failure while accepting a TLS connection on conn6809 local=192.168.1.1:3128 remote=192.168.1.5:49503 FD 31 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:49:32 ERROR: system call failure while accepting a TLS connection on conn6794 local=192.168.1.1:3128 remote=192.168.1.5:49496 FD 19 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_IO_ERR=5+errno=54
03.07.2024 10:49:24 ERROR: failure while accepting a TLS connection on conn6776 local=192.168.1.1:3128 remote=192.168.1.5:49481 FD 137 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:48:49 ERROR: failure while accepting a TLS connection on conn6440 local=192.168.1.1:3128 remote=192.168.1.5:49424 FD 16 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:48:49 ERROR: failure while accepting a TLS connection on conn6445 local=192.168.1.1:3128 remote=192.168.1.5:49426 FD 34 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:48:22 ERROR: failure while accepting a TLS connection on conn6035 local=192.168.1.1:3128 remote=192.168.1.5:49355 FD 226 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:48:09 ERROR: failure while accepting a TLS connection on conn5887 local=192.168.1.1:3128 remote=192.168.1.5:49318 FD 33 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:48:09 ERROR: failure while accepting a TLS connection on conn5875 local=192.168.1.1:3128 remote=192.168.1.5:49312 FD 216 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:48:09 ERROR: failure while accepting a TLS connection on conn5876 local=192.168.1.1:3128 remote=192.168.1.5:49314 FD 217 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:47:57 ERROR: failure while accepting a TLS connection on conn5815 local=192.168.1.1:3128 remote=192.168.1.5:49297 FD 201 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:47:54 ERROR: failure while accepting a TLS connection on conn5760 local=192.168.1.1:3128 remote=192.168.1.5:49289 FD 195 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:47:52 ERROR: failure while accepting a TLS connection on conn5717 local=192.168.1.1:3128 remote=192.168.1.5:49284 FD 195 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:47:50 ERROR: failure while accepting a TLS connection on conn5552 local=192.168.1.1:3128 remote=192.168.1.5:49268 FD 142 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:47:34 kick abandoning conn5254 local=192.168.1.1:3128 remote=192.168.1.5:49209 FD 100 flags=1
03.07.2024 10:47:21 kick abandoning conn5022 local=192.168.1.1:3128 remote=192.168.1.5:49167 FD 37 flags=1
03.07.2024 10:47:21 kick abandoning conn5020 local=192.168.1.1:3128 remote=192.168.1.5:49165 FD 36 flags=1
03.07.2024 10:42:22 WARNING: Forwarding loop detected for:
03.07.2024 10:40:08 ERROR: failure while accepting a TLS connection on conn4955 local=192.168.1.1:3128 remote=192.168.1.5:52339 FD 98 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:39:52 kick abandoning conn4927 local=192.168.1.1:3128 remote=192.168.1.5:52331 FD 105 flags=1
03.07.2024 10:39:09 ERROR: failure while accepting a TLS connection on conn4846 local=192.168.1.1:3128 remote=192.168.1.5:52314 FD 19 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:38:14 ERROR: failure while accepting a TLS connection on conn4650 local=192.168.1.1:3128 remote=192.168.1.5:52274 FD 35 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1
03.07.2024 10:38:08 ERROR: failure while accepting a TLS connection on conn4645 local=192.168.1.1:3128 remote=192.168.1.5:52272 FD 35 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1
03.07.2024 10:38:04 ERROR: Unsupported TLS option SINGLE_ECDH_USE
03.07.2024 10:38:04 ERROR: Unsupported TLS option SINGLE_DH_USE


I can still see the ClamAV splash screen as well as my URL blocks however it functions..
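
The `TLS_LIB_ERR` values in the cache logs above are packed OpenSSL error codes. The following is an added example, not part of any post in this thread: it decodes them and groups the accept failures by client and cause. It assumes Squid is linked against OpenSSL 3.x; the constants come from OpenSSL's headers and the TLS RFCs, and the names `decode_lib_err` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# Assumed constants, taken from OpenSSL 3.x headers and the TLS RFCs (not from the thread).
ERR_LIB_SSL = 20                 # library number of "SSL routines"
SSL_AD_REASON_OFFSET = 1000      # reason = 1000 + alert number for alerts received from the peer
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
              70: "protocol_version"}
SSL_IO_ERRORS = {"1": "SSL_ERROR_SSL", "5": "SSL_ERROR_SYSCALL"}

LINE_RE = re.compile(
    r"remote=(?P<remote>\S+?):\d+ .*?SQUID_TLS_ERR_ACCEPT"
    r"(?:\+TLS_LIB_ERR=(?P<lib>[0-9A-Fa-f]+))?"
    r"(?:\+TLS_IO_ERR=(?P<io>\d+))?"
    r"(?:\+errno=(?P<errno>\d+))?")

def decode_lib_err(hex_code):
    """Split an OpenSSL 3.x packed error code into (library, reason, alert name or None)."""
    code = int(hex_code, 16)
    lib, reason = (code >> 23) & 0xFF, code & 0x7FFFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = TLS_ALERTS.get(reason - SSL_AD_REASON_OFFSET)
    return lib, reason, alert

def summarize(lines):
    """Count TLS accept failures per (client address, decoded cause)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # lines without SQUID_TLS_ERR_ACCEPT, e.g. "kick abandoning"
        if m["lib"]:
            lib, reason, alert = decode_lib_err(m["lib"])
            cause = f"peer alert {alert}" if alert else f"lib={lib} reason={reason}"
        else:
            cause = f"{SSL_IO_ERRORS.get(m['io'], m['io'])} errno={m['errno']}"
        counts[(m["remote"], cause)] += 1
    return counts

# Sample input: four lines copied from the cache log quoted in the thread.
SAMPLE = [
    "03.07.2024 10:54:29 kick abandoning conn7844 local=192.168.1.1:3128 remote=192.168.1.5:49702 FD 81 flags=1",
    "03.07.2024 10:54:09 ERROR: failure while accepting a TLS connection on conn7648 local=192.168.1.1:3128 remote=192.168.1.5:49672 FD 44 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000417+TLS_IO_ERR=1",
    "03.07.2024 10:52:38 ERROR: failure while accepting a TLS connection on conn7340 local=192.168.1.1:3128 remote=192.168.1.5:49616 FD 45 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1",
    "03.07.2024 10:49:32 ERROR: system call failure while accepting a TLS connection on conn6794 local=192.168.1.1:3128 remote=192.168.1.5:49496 FD 19 flags=1: SQUID_TLS_ERR_ACCEPT+TLS_IO_ERR=5+errno=54",
]

if __name__ == "__main__":
    for (remote, cause), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {remote:15s}  {cause}")
```

`unknown_ca` and `certificate_unknown` are alerts the client sends about the certificate it was presented, so they point at the client side of the handshake rather than at Squid's upstream connection.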


Per Squid Developers...

cache_object:// URL Scheme is not removed in Squid-6
cache_object://hostname/request@password

Is used to check status inside the pfSense GUI for this package

It has been replaced with
http://hostname/squid-internal-mgr URL-prefix.

Therefore it will now say access denied when checking status

The status page needs to be updated to reflect the new URL scheme

I spoke with Squid user support and they have confirmed the new URL scheme

Ref:
https://wiki.squid-cache.org/Features/CacheManager/CacheObjectScheme

Did OPNsense already fix the status pages?