Squid - SSL sometimes goes down
We have a squid acting as a proxy to another server (both connections are secured). Normally, it works perfectly; however, every few days our customers get a "Failed to establish a secure connection to ..." "(71) Protocol error" page. Only a restart helps.
Looking into cache.log, I can see an increasing burst of the following message (starting with 3-4 messages, working fine for a minute, then another 10 or so, working fine, and then a full burst):
fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed (1/0/0)
TCP connection to xxx.xxx.com/443 failed
fwdNegotiateSSL: Error negotiating SSL connection on FD 15: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac (1/-1/0)
Anyone encountered this problem? Know how to solve? Know how to recreate easily?
Thanks!
Based on the frequency, it sounds like a transient hardware or network error. Is the equipment failing or the line dirty? I have seen both in the past, and the telecom fixed both. For the equipment failing, they ended up replacing their NID. For the dirty line, a Bit Error Rate Test (BERT) detected a dirty line. I think they gave us some new copper in the physical plant. I've also seen Broadcom cards fail on Dell servers in mysterious ways.
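To check whether the handshake failures in cache.log really arrive in growing bursts, and to get each burst's start and end time for comparison with interface error counters or a carrier's line test, the script below groups the fwdNegotiateSSL lines by time. It is an added example, not part of the original question or answer; it assumes cache.log lines begin with a "YYYY/MM/DD HH:MM:SS|" timestamp, and the sample log, its timestamps and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y/%m/%d %H:%M:%S"
# The two OpenSSL errors quoted in the question.
MSGS = ["error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failed (1/0/0)",
        "error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac (1/-1/0)"]
# Assumed cache.log layout: "YYYY/MM/DD HH:MM:SS| message" (optional "kidN" before "|").
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?: \w+)?\| fwdNegotiateSSL: "
    r"Error negotiating SSL connection on FD \d+: "
    r"error:[0-9A-Fa-f]+:[^:]*:(?P<func>[^:]*):(?P<reason>.*?) \(")

def make_sample():
    """Constructed log text: bursts of 3, 10 and 25 failures; timestamps are invented."""
    lines = []
    for start, n in (("10:00:00", 3), ("10:02:00", 10), ("10:05:00", 25)):
        base = datetime.strptime("2012/03/01 " + start, FMT)
        for i in range(n):
            ts = (base + timedelta(seconds=i)).strftime(FMT)
            lines.append(f"{ts}| fwdNegotiateSSL: Error negotiating SSL "
                         f"connection on FD 15: {MSGS[i % 2]}")
            lines.append(f"{ts}| TCP connection to xxx.xxx.com/443 failed")
    return "\n".join(lines)

def parse(text):
    """Yield (timestamp, openssl_function, reason) per handshake failure line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # other cache.log lines are skipped
            yield datetime.strptime(m["ts"], FMT), m["func"], m["reason"]

def bursts(events, gap_seconds=30):
    """Group failures into bursts; more than gap_seconds of quiet starts a new one."""
    groups, last = [], None
    for ts, func, reason in sorted(events):
        if last is None or (ts - last).total_seconds() > gap_seconds:
            groups.append({"start": ts, "count": 0, "reasons": Counter()})
        g = groups[-1]
        g["count"] += 1
        g["end"] = ts
        g["reasons"][reason] += 1
        last = ts
    return groups

def escalating(groups):
    """True when every burst is larger than the previous one."""
    counts = [g["count"] for g in groups]
    return len(counts) >= 2 and all(a < b for a, b in zip(counts, counts[1:]))

if __name__ == "__main__":
    for g in bursts(parse(make_sample())):
        print(g["start"], g["end"], g["count"], dict(g["reasons"]))
```

To run it on a real log, pass the file's text to `parse()` in place of `make_sample()`; the burst windows it prints are the intervals to compare with NIC or link error statistics.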