[squid-users] High CPU Usage with ssl_bump

Odhiambo Washington odhiambo at gmail.com
Thu Apr 21 19:59:43 UTC 2016


On 21 April 2016 at 22:04, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 22/04/2016 6:20 a.m., Odhiambo Washington wrote:
> > Hi Alex,
> >
> > I have now changed to *configurations suggested specifically for your use
> > case, on this email thread* :)
> >
> >
> >
> > acl no_ssl_interception ssl::server_name
> > "/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> > ssl_bump splice no_ssl_interception
> > ssl_bump stare all
> > ssl_bump bump all
> >
> > Now, suppose, as I think in my mind, bumping isn't really what I need,
> can
> > I just comment out 'ssl_bump bump all'  and sit easy or should I switch
> to
> > ssl_bump splice all ??
>
> No the "stare" being done will prevent splice and you will see breakage
> or unexpected things again.
>
> You have to replace 'stare' with 'peek' AND replace 'bump' with 'splice'.
> <http://lists.squid-cache.org/listinfo/squid-users>
>

Like below???


acl no_ssl_interception ssl::server_name
"/usr/local/etc/squid/ssl_bump_broken_sites.txt"
ssl_bump splice no_ssl_interception
ssl_bump peek all
ssl_bump splice all


Thank you.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/c787275c/attachment.html>


More information about the squid-users mailing list