[squid-users] High CPU Usage with ssl_bump
Odhiambo Washington
odhiambo at gmail.com
Thu Apr 21 13:18:32 UTC 2016
Is is expected that using ssl_bump results into high CPU usage all the
time?
This is squid-3.5.17
That is what I am seeing:
last pid: 26673; load averages: 2.24, 2.00, 2.10
up 0+03:47:56 16:08:30
160 processes: 2 running, 157 sleeping, 1 zombie
CPU: 86.1% user, 0.0% nice, 7.8% system, 3.3% interrupt, 2.7% idle
Mem: 843M Active, 1942M Inact, 185M Wired, 43M Cache, 89M Buf, 97M Free
Swap: 5900M Total, 1248K Used, 5899M Free
PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU
COMMAND
13309 squid 17 20 0 305M 264M uwait 0 7:38 80.86%
squid
26088 squid 1 21 0 12812K 5352K sbwait 1 0:04 2.49%
ssl_crtd
26090 squid 1 20 0 12812K 5272K sbwait 1 0:01 0.88%
ssl_crtd
My config has:
acl no_ssl_interception ssl::server_name
"/usr/local/etc/squid/ssl_bump_broken_sites.txt"
ssl_bump splice no_ssl_interception
ssl_bump peek step1
ssl_bump stare step2
#ssl_bump bump all
#ssl_bump splice all
I think I read somewhere that 'ssl_bump splice all" is the default
behaviour, hence why I have commented it out. All I need is just become a
TCP tunnel without decrypting proxied traffic.
Thank you.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/e1e407c8/attachment.html>
More information about the squid-users
mailing list