[squid-dev] High memory usage associated with ssl_bump and broken clients
Alex Rousskov
rousskov at measurement-factory.com
Mon Sep 11 14:28:53 UTC 2017

On 09/11/2017 05:05 AM, Steve Hill wrote:

> Connections should have a reasonably short timeout during the TLS
> handshake - if a client hasn't completed the handshake and made an HTTP
> request over the encrypted connection within a few seconds, something is
> broken and Squid should tear down the connection.

"Few seconds" would be too aggressive for a _default_ value IMO, but,
with recent Squids, you should be able to tune request_start_timeout to
match _your_ environment. If not, file a bug report.

> Amos has said he believes the connections should eventually time out
> (via the request_timeout option) but I don't think this is the case.

Then it is a bug worth reporting IMHO. FWIW, IIRC, there have been some
fixes to request_timeout (when request_start_timeout was added?) in
recent Squids, but I have not investigated the details or checked
whether those fixes (if any) were backported to Squid v3.

Alex.