[squid-users] https bug slow browsing

Eliezer Croitoru eliezer at ngtech.co.il
Mon Dec 29 19:34:53 UTC 2014



Hey Hack,

So now the image is much clearer.
I would assume that the SSL DB is stored on the SSD and not on spinning
disks.
Since the issue is with SSL only, it should still be tested with
no disk cache at all.
This is to test the SSL issue and minimize the relevant data.
I do not know the exact reasons for all the errors, but here are a couple
of pointers.

* For squid ssl-bump you will need a rootCA certificate, which cannot
be bought by just anyone, and therefore the assumption to buy one is
not an option.
* All over the world many workplaces use a local rootCA for internal
usage and SSL content inspection, and it's not a new thing that you
cannot buy a rootCA certificate (or in this case private key) and it
will be published to just anyone.


Specifically for the FD and/or SSL negotiation issue, it is possible
that such an issue will arise, since there are more than a couple of cases
which the ssl_crtd helper might not have been immunized against.
The source of the issue can be (from my eyes) at the network level or
the disk level or others.
In any case, if the issue came up and exists and the reason for the
issue is squid internals that cause crashes (can be seen in the
cache.log), the approach will be one.
While if the issue is not causing crashes and the service continues to
work properly but slowly, you may need to go one step back into the
load testing.
It's not the only option, so a bug is an option, but from my eyes squid
is just being honest with the admin about an issue.

I have seen your squid.conf and it's far from defaults.....
You can try to run "diff your_squid.conf default_squid.conf" and see
what I am talking about.

If you want to solve the issue I would recommend, like before, that you
start from a 0 squid.conf and add only the basics, so at least my head
can contain the picture about your server.

All The Bests,
Eliezer

On 12/29/2014 08:39 PM, HackXBack wrote:
> Dear Eliezer Croitoru, what you suggested for me is already done. http
> is not slow and http works like a charm, but the slowness is in https
> traffic. Also there is a drop on https packets; I also mentioned the log
> when the https packet dropped:
>
> with 3.5.0.4
> 2014/12/23 19:33:10 kid1| Error negotiating SSL on FD 317: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry (1/-1/0)
>
> with 3.4.x
> Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0)
>
> Now I will downgrade to 3.4.10 and I will see a lot of logs while
> browsing https:
> Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0)
>
> Another helpful question: I want to buy a trusted certificate to use
> with squid. The question is which type of certificate I need.
> I bought one from X and its type is for apache, but when I used it
> with squid, the https error in the browser says invalid type, so what
> type of certificate do I need for that?
>
> Thanks Very Much Best Regards.

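
Added example, not part of the original message and not Squid project code: a small Python triage script that tallies the "Error negotiating SSL" lines quoted in this thread by OpenSSL error code and by FD, so the volume and kind of failures in cache.log can be compared between test runs. The sample log is constructed from the quoted messages, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample: the messages quoted in the thread (timestamps on the
# 3.4.x-style lines are invented) plus one unrelated, made-up line.
SAMPLE_LOG = """\
2014/12/23 19:33:10 kid1| Error negotiating SSL on FD 317: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry (1/-1/0)
2014/12/23 19:33:11 kid1| Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0)
2014/12/23 19:33:12 kid1| Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0)
2014/12/23 19:33:13 kid1| constructed unrelated line
"""

# Matches both wordings seen in the thread; the "kidN" prefix and the
# trailing "(a/b/c)" triple are optional. The triple is kept as raw text.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?: (?P<kid>kid\d+))?\| "
    r"Error negotiating SSL(?: connection)? on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>.*?)(?: \((?P<detail>-?\d+/-?\d+/-?\d+)\))?$"
)

def parse_ssl_errors(text):
    """Return one dict per SSL negotiation error line in cache.log text."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["fd"] = int(ev["fd"])
        # Code 00000000 is what OpenSSL prints when its error queue is empty,
        # i.e. the library itself recorded no reason for the failure.
        ev["empty_queue"] = int(ev["code"], 16) == 0
        events.append(ev)
    return events

def summarize(events):
    """Count errors per (code, reason) and per FD."""
    return {
        "total": len(events),
        "empty_queue": sum(e["empty_queue"] for e in events),
        "by_reason": Counter((e["code"].upper(), e["reason"]) for e in events),
        "by_fd": Counter(e["fd"] for e in events),
    }

if __name__ == "__main__":
    report = summarize(parse_ssl_errors(SAMPLE_LOG))
    print(report["total"], "errors,", report["empty_queue"], "with empty error queue")
    for (code, reason), n in report["by_reason"].most_common():
        print(f"{n:4d}  {code}  {reason}")
```
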

