[squid-users] High CPU Usage with ssl_bump
odhiambo at gmail.com
Thu Apr 21 19:59:43 UTC 2016
On 21 April 2016 at 22:04, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > Hi Alex,
> > I have now changed to *configurations suggested specifically for your use
> > case, on this email thread* :)
> > acl no_ssl_interception ssl::server_name
> > "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> > ssl_bump splice no_ssl_interception
> > ssl_bump stare all
> > ssl_bump bump all
> > Now, suppose, as I think in my mind, bumping isn't really what I need,
> > I just comment out 'ssl_bump bump all' and sit easy or should I switch
> > ssl_bump splice all ??
> No the "stare" being done will prevent splice and you will see breakage
> or unexpected things again.
> You have to replace 'stare' with 'peek' AND replace 'bump' with 'splice'.
acl no_ssl_interception ssl::server_name
ssl_bump splice no_ssl_interception
ssl_bump peek all
ssl_bump splice all
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the squid-users