Squid: ERROR: failure while accepting a TLS connection on...

Started by sjjh, December 16, 2024, 03:51:13 PM

Since the last update to OPNsense 24.7 with Squid as transparent HTTP proxy and SSL SNI, some users report not being able to access some HTTPS websites. I tried to capture the relevant cache.log output excerpt (with "debug_options ALL,1 11,6 26,6 83,6"):

2024/12/16 14:42:23.116 kid1| 83,5| Session.cc(96) NewSessionObject: SSL_new session=0x1c15fae80000
2024/12/16 14:42:23.116 kid1| 83,5| Session.cc(154) CreateSession: link FD 1247 to TLS session=0x1c15fae80000
2024/12/16 14:42:23.117 kid1| 83,5| bio.cc(114) write: FD 1247 wrote 2452 <= 2452
2024/12/16 14:42:23.118 kid1| 83,5| bio.cc(137) read: FD 1247 read -1 <= 5
2024/12/16 14:42:23.118 kid1| 83,5| Io.cc(92) Handshake: -1/35 for TLS connection 0x1c15fae80000 over conn19210 local=216.194.167.35:443 remote=10.63.10.46:60964 FD 1247 flags=33
2024/12/16 14:42:23.119 kid1| 83,5| bio.cc(137) read: FD 1247 read 5 <= 5
2024/12/16 14:42:23.119 kid1| 83,5| bio.cc(137) read: FD 1247 read 19 <= 19
2024/12/16 14:42:23.119 kid1| 83,5| Io.cc(92) Handshake: -1/0 for TLS connection 0x1c15fae80000 over conn19210 local=216.194.167.35:443 remote=10.63.10.46:60964 FD 1247 flags=33
2024/12/16 14:42:23 kid1| ERROR: failure while accepting a TLS connection on conn19210 local=216.194.167.35:443 remote=10.63.10.46:60964 FD 1247 flags=33: SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000412+TLS_IO_ERR=1
2024/12/16 14:42:23.119 kid1| 83,5| Session.cc(201) SessionSendGoodbye: session=0x1c15fae80000
2024/12/16 14:42:23.119 kid1| 83,5| Session.cc(93) operator(): SSL_free session=0x1c15fae80000

Without Squid, I can access the website just fine. The SSL parameters of the website connection seem to be OK (TLS_AES_256_GCM_SHA384, 256-bit key, TLS 1.3), and the cert is valid (according to Firefox).

What could be the issue here? How to debug further? Any help appreciated. :)

*push* Anyone have an idea? The issue persists with OPNsense 24.7.11_2-amd64. Thx!
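Added example (not from the original post, not Squid or OPNsense code): a small Python script that pulls the "failure while accepting a TLS connection" lines out of a cache.log excerpt, splits Squid's error token into its parts, and decodes the TLS_LIB_ERR value. The decoding assumes OpenSSL 3.x error-code packing (library number in bits 23 to 30, reason code in the low 23 bits) and OpenSSL's convention that a TLS alert received from the peer is reported as reason 1000 + alert number. Applied to the line quoted above, A000412 decodes to libssl (20), reason 1042, i.e. alert 42 `bad_certificate` sent by the client at 10.63.10.46: the client rejected the certificate Squid presented for 216.194.167.35:443, and TLS_IO_ERR=1 is `SSL_ERROR_SSL`. Only the first sample line is taken from the post; the other lines are constructed for the example.

```python
"""Decode Squid TLS-accept failures from cache.log (added example).

Assumes OpenSSL 3.x error-code packing for TLS_LIB_ERR and OpenSSL's
"received alert N" reason codes (1000 + N).
"""
import re
from collections import Counter

# Squid's error line: connection descriptor, then the error detail token
# of the form SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=<hex>+TLS_IO_ERR=<n>.
TLS_ACCEPT_RE = re.compile(
    r"ERROR: failure while accepting a TLS connection on (?P<conn>conn\d+) "
    r"local=(?P<local>\S+) remote=(?P<remote>\S+) FD (?P<fd>\d+) "
    r"flags=(?P<flags>\d+): (?P<detail>\S+)"
)

ERR_LIB_SSL = 20         # OpenSSL library number of libssl
TLS_ALERT_OFFSET = 1000  # OpenSSL reports a received TLS alert N as reason 1000 + N

# TLS alert descriptions (RFC 5246 / RFC 8446) that commonly end a handshake.
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error", 112: "unrecognized_name",
    116: "certificate_required", 120: "no_application_protocol",
}

# SSL_get_error() values that Squid reports as TLS_IO_ERR.
SSL_IO_ERRORS = {1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ", 3: "SSL_ERROR_WANT_WRITE",
                 4: "SSL_ERROR_WANT_X509_LOOKUP", 5: "SSL_ERROR_SYSCALL",
                 6: "SSL_ERROR_ZERO_RETURN"}


def decode_lib_err(code_hex):
    """Split an OpenSSL 3.x packed error code into library, reason and alert name."""
    code = int(code_hex, 16)
    lib = (code >> 23) & 0xFF
    reason = code & 0x7FFFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= TLS_ALERT_OFFSET:
        # The peer sent a TLS alert; OpenSSL stores it as 1000 + alert number.
        alert_no = reason - TLS_ALERT_OFFSET
        alert = TLS_ALERTS.get(alert_no, f"alert_{alert_no}")
    return {"lib_err": code_hex, "lib": lib, "reason": reason, "alert": alert}


def parse_line(line):
    """Return a record for a Squid TLS-accept failure line, or None for any other line."""
    m = TLS_ACCEPT_RE.search(line)
    if not m:
        return None
    parts = m["detail"].split("+")
    fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    rec = {"kind": parts[0], "conn": m["conn"], "local": m["local"],
           "remote": m["remote"], "fd": int(m["fd"]), "flags": int(m["flags"])}
    if "TLS_LIB_ERR" in fields:
        rec.update(decode_lib_err(fields["TLS_LIB_ERR"]))
    if "TLS_IO_ERR" in fields:
        rec["io_error"] = SSL_IO_ERRORS.get(int(fields["TLS_IO_ERR"]), fields["TLS_IO_ERR"])
    return rec


def summarize(lines):
    """Count failures per (client IP, origin server, decoded cause) to spot a pattern."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        client_ip = rec["remote"].rsplit(":", 1)[0]
        cause = rec.get("alert") or f"reason_{rec.get('reason', 'unknown')}"
        counts[(client_ip, rec["local"], cause)] += 1
    return counts


# First line is the one quoted in the post; the rest are constructed for this example.
SAMPLE_LOG = [
    "2024/12/16 14:42:23 kid1| ERROR: failure while accepting a TLS connection on "
    "conn19210 local=216.194.167.35:443 remote=10.63.10.46:60964 FD 1247 flags=33: "
    "SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000412+TLS_IO_ERR=1",
    "2024/12/16 14:42:23.119 kid1| 83,5| Session.cc(201) SessionSendGoodbye: "
    "session=0x1c15fae80000",  # constructed debug line, not an error
    "2024/12/16 14:43:01 kid1| ERROR: failure while accepting a TLS connection on "
    "conn19301 local=216.194.167.35:443 remote=10.63.10.77:51002 FD 1301 flags=33: "
    "SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000418+TLS_IO_ERR=1",  # constructed: unknown_ca
    "2024/12/16 14:44:10 kid1| ERROR: failure while accepting a TLS connection on "
    "conn19422 local=216.194.167.35:443 remote=10.63.10.46:61120 FD 1247 flags=33: "
    "SQUID_TLS_ERR_ACCEPT+TLS_LIB_ERR=A000412+TLS_IO_ERR=1",  # constructed: same client again
]

if __name__ == "__main__":
    for (client, server, cause), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  client={client:<15} server={server:<22} cause={cause}")
```

Feed it the real cache.log with `summarize(open("/var/log/squid/cache.log"))` and the table tells you which clients reject which bumped servers and with what alert; `bad_certificate` and `unknown_ca` both point at the client not trusting the certificate Squid presents, while `unrecognized_name` or `handshake_failure` would point elsewhere.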