Re: [squid-users] SSL Problem

From: Larry J Eng <[email protected]>
Date: Mon, 2 Jul 2001 11:34:58 -0400

Hi Dirk,
     Thanks for the suggestion. The MTU was already set to 1500 and the MSS was
set for the default:
ndd -get /dev/tcp tcp_mss_def 536
ndd -get /dev/tcp tcp_mss_max 65495
ndd -get /dev/tcp tcp_mss_min 1

I set the default and the max to 512, but it didn't help. I don't remember if I
 rebooted the box, but do you know if it needs a reboot before the settings take
 effect?
Also, here's something that's strange... I just installed a pair of Sun 250
Servers with Squid and it runs perfectly. I tarred up the copy of Squid on the
E3500 and moved it over to the 250 Servers, and they work perfectly! BUT I
still need to resolve why I'm getting this problem with the E3500's because
they're for different locations.

Anyone else have any ideas on why I would get this problem with the E3500
Servers and not with the 250 Servers? Oh, in case you are wondering the E3500
Servers have 2 CPU's currently I believe, and the 250's are currently
uni-processor.

Thanks,
Larry

Dirk Datzert <Dirk.Datzert@rasselstein-hoesch.de> on 06/09/2001 03:48:17 AM

To: Larry J Eng/TheGuardian@TheGuardian
cc:

Subject: Re: [squid-users] SSL Problem

Hi Larry,

I had a similar problem a few weeks ago. I work on a SuSE Linux Kernel 2.2.19 on
Compaq DL360 with 2 eth-NICs

I saw that communication to Sites which sent wore than 1500 Bytes per Paket
hangs up
the Connection.

I solved my problem as follows:

ifconfig eth0 MTU 1500
route add default gw my.x.y.z mss 1460

network restart, route restart

MTU: Maximum Transfer Unit
MSS: Maximum Segmentation Size
you can search this key words with kernel and proc settings in the internet.

Try it and give me a feedback

CU
Dirk

Larry J Eng schrieb:

> Hello All,
> Does anyone have some ideas about this problem... it's got me completely
> stumped. I've tried recompiling and it hasn't helped. I've also sniffed the
> connection from the Solaris and AIX machines. From the sniff, it looks like
the
> Solaris machine is sending a FIN/ACK back to the webserver and is waiting for
a
> response, because I see squid keep sending FIN/ACK's to the web server (about
1
> every 30 seconds)... and this is also when the web browser hangs. On the AIX
> machine, it also sends a FIN/ACK out BUT will go on to the next
> connection/object it needs to handle. Any ideas? Is this a TCP stack problem
> on the Solaris machine? ... because I know some of the TCP parameters are
> slightly different (like the TTL, etc.).
> Any ideas will be appreciated and sorry about the long post, but I wanted
> to make sure everyone kinda got the background from my previous emails.
>
> Thanks,
> Larry
>
> ---------------------- Forwarded by Larry J Eng/TheGuardian on 06/08/2001
01:39
> PM ---------------------------
>
> "Larry J Eng" <Larry_J_Eng@glic.com> on 05/15/2001 08:29:50 AM
>
> To: squid-users@squid-cache.org
> cc: (bcc: Larry J Eng/TheGuardian)
>
> Subject: Re: [squid-users] SSL Problem
>
> OK, I tried to lower the cache settings, but it didn't help. I don't see
> anything out of the ordinary in the logs. I've had netstat running in a loop
> while I try to connect to the site, and it looks as if Squid does send an SSL
> request but it doesn't send it to the desktop. Also, when it hangs on the
logon
> screen I can keep hitting the login button until it sends the page back to me.
>
> I know this is a weird problem... any help would be appreciated.
> Thanks,
> Larry
>
> "Larry J Eng" <Larry_J_Eng@glic.com> on 05/14/2001 04:20:10 PM
>
> To: squid-users@squid-cache.org
> cc: (bcc: Larry J Eng/TheGuardian)
>
> Subject: [squid-users] SSL Problem
>
> Hello All,
> I have a very strange problem. I am running on Solaris 2.7 with Squid
> 2.3.Stable4. There is an SSL site that my users are accessing, but when they
> enter in their userid and password in the SSL page it basically hangs there.
I
> can reproduce this problem every time. I have been testing by using 3
> workstations with IE. I pull up the SSL signon page with all three of them
and
> enter in the userid/password. Then I hit enter one after the other.
Basically
> the first machine or which ever one actually communicates to Squid first will
> get the page and the other 2 machines will sit there and wait. I also have
the
> same version of Squid running on an AIX 4.3.3 machine just fine. They are
> actually smaller hardware wise, but I don't experience any sort of problems
from
> them.
> The configurations for both the Solaris and AIX machines are the same,
> except for the memory and cache size. The Solaris machine is set for 256 Mb
of
> RAM and 2048 Mb of cache. The AIX machine is set for 24 Mb of RAM and 200 Mb
of
> cache. Yeah I know... BIG size difference.
>
> Any ideas? It's been bugging me for a while. I'm going to try strinking the
> RAM and cache of the Solaris machine to the same size as the AIX.
>
> Thanks,
> Larry
Received on Mon Jul 02 2001 - 09:38:07 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:58 MST