Squid - SSL 有时会下降

发布于 11-14 04:10 字数 596 浏览 3 评论 0原文

我们有一个鱿鱼充当另一台服务器的代理(两个连接都是安全的)。通常情况下,它工作得很好,但是每隔几天我们的客户就会收到“无法建立与...的安全连接”“(71) 协议错误”页面。只有重新启动才有帮助。

查看cache.log,我可以看到以下消息不断增加(从 3-4 条消息开始,工作正常一分钟,然后另外 10 条左右,工作正常,然后完全爆发):

fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408C095:SSL     routines:SSL3_GET_FINISHED:digest check failed (1/0/0)
TCP connection to xxx.xxx.com/443 failed
fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408F119:SSL     routines:SSL3_GET_RECORD:decryption failed or bad record mac (1/-1/0)

任何人都遇到过此问题?知道怎么解决吗?知道如何轻松地重新创建吗?

谢谢!

We have a squid acting as a proxy to another server (both connections are secured). Normally, it works perfectly, however every few days our customers get a "Failed to establish a secure connection to ..." "(71) Protocol error" page. Only restart helps.

Looking into cache.log, I can see an increasing burst of the following message (starting with 3-4 messages, working fine for a minute, then another 10 or so, working fine, and then a full burst):

fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408C095:SSL     routines:SSL3_GET_FINISHED:digest check failed (1/0/0)
TCP connection to xxx.xxx.com/443 failed
fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408F119:SSL     routines:SSL3_GET_RECORD:decryption failed or bad record mac (1/-1/0)

Anyone encountered this problem? Know how to solve? Know how to recreate easily?

Thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

幽梦紫曦~2024-11-21 04:10:05

有人遇到过这个问题吗?知道怎么解决吗?知道如何轻松地重新创建吗?

根据频率,这听起来像是暂时性硬件或网络错误。设备是否出现故障或线路是否脏污?我过去都见过,电信都修好了。由于设备出现故障,他们最终更换了 NID。对于脏线,误码率测试 (BERT) 检测到脏线。我认为他们在实体工厂中给了我们一些新的铜。我还看到 Dell 服务器上的 Braodcom 卡以神秘的方式出现故障。

Anyone encountered this problem? Know how to solve? Know how to recreate easily?

Based on the frequency, it sounds like a transient hardware or network error. Is the equipment failing or the line dirty? I have seen both in the past, and the telecom fixed both. For the equipment failing, they ended up replacing their NID. For the dirty line, a Bit Error Rate Test (BERT) detected a dirty line. I think they gave us some new copper in the physical plant. I've also seen Braodcom cards fail on Dell servers in mysterious ways.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文