[squid-users] Is it safe to set number of sslcrtd_children to 50?

Amos Jeffries squid3 at treenet.co.nz
Fri Nov 14 07:37:57 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 14/11/2014 8:02 p.m., John Killimangalam Jacob wrote:
> Hi All,
> 
> For my configuration to use the ssl bump, I am setting the number
> of sslcrtd_children to 50. But in the documentation it is written
> that "The maximum this may be safely set to is 32" . When I set it
> to 32, I am getting warning that all 32/32 helpers are busy,
> consider increasing the number of helpers. So I increased it to 50
> and the warnings are no longer appearing. So is it safe to fix  the
> number of sslcrtd helpers to 50?I am aware that this setting may
> take more resources compared to the recommended one. Also  is there
> any restriction from the squid code/implementation on the maximum
> number of sslcrtd children?

The only limits internal to Squid are rather much higher than woudl be
reasonable to use. The lower restrictions that exist on helpers come
from the APIs or protocols they are using.

For the ssl_crtd helpers I suspect it is based around how many
concurrent uses of the cert database can safelly co-exist and entropy
the OS random generator can produce.

Christos workign on behalf of Measurement Factory wrote that text
though, so perhapse he can answer your question directly.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUZbFVAAoJELJo5wb/XPRjZuQIAN0kueGDzqxNQtc2VgaAOQM6
RklXqy2lsm99capalMgBWUjzvN57UpYAyX6RZ/Thi0OjzVNGiM0OYF1DViHSJc07
EfuguSnYmpS/buIBYnvC3Vy35dO9lZ9wEsxWwDE+hKA0+q0lFjaENscetRVJ862F
Wg2UxvXW/96PnhRoUkMBwvAfGd+itjFIl+m/4iIWopHJcrhOs7qpc46XLDvAFyaz
5WiQf/ruxI69K8TjrhjJNXn5Az+Mk/qGO+2SAhrGdUlnyvnCVkRuVUaGwzwUn0T6
1z0o2eFvunbFy2oiPKjOHpmFAbldJ0QWT/n5jm+TIXJzj82weH5uPv8a9bvFhrE=
=yqzN
-----END PGP SIGNATURE-----


More information about the squid-users mailing list