[squid-users] High CPU Usage with ssl_bump

Amos Jeffries squid3 at treenet.co.nz
Thu Apr 21 19:04:21 UTC 2016


On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> Hi Alex,
> 
> I have now changed to *configurations suggested specifically for your use
> case, on this email thread* :)
> 
> 
> 
> acl no_ssl_interception ssl::server_name
> "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> ssl_bump splice no_ssl_interception
> ssl_bump stare all
> ssl_bump bump all
> 
> Now, suppose, as I think in my mind, bumping isn't really what I need, can
> I just comment out 'ssl_bump bump all'  and sit easy or should I switch to
> ssl_bump splice all ??

No the "stare" being done will prevent splice and you will see breakage
or unexpected things again.

You have to replace 'stare' with 'peek' AND replace 'bump' with 'splice'.

Amos



More information about the squid-users mailing list