[squid-users] 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 25
Yuri Voinov
yvoinov at gmail.com
Mon Feb 15 13:55:45 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
15.02.16 19:09, Amos Jeffries пишет:
> On 12/02/2016 11:04 p.m., Yuri Voinov wrote:
>> Hi gents.
>>
>> Does anybody meet this issue?
>>
>> This one:
>>
>> ssl_bump peek step1
>> ssl_bump splice disable-ssl-bump
>> ssl_bump stare step2
>> ssl_bump bump all
>>
>> always lead to much records in cache.log:
>>
>> 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 25
>> 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 85
>> 2016/02/12 15:59:47 kid1| hold write on SSL connection on FD 26
>> 2016/02/12 15:59:52 kid1| hold write on SSL connection on FD 26
>> 2016/02/12 15:59:53 kid1| hold write on SSL connection on FD 10
>>
>> and, then, ran out of filedescriptors soon.
>>
>> Note: This is independent from OS/platform/Squid's version. Either 3.5
>> or 4.0 - both demonstrate this behaviour.
>>
>> If I remove stare rule - issue is gone. But - of course, stare is
gone too.
>>
>> Question.
>>
>> What is this? Bug, feature, by stupid configuration?
>
>
> You know what "stare" does right?
Sure.
>
> Squid sends its ClientHello to the server and puts a "hold" on
> recieving more TLS data from the client until the upstream server has
> responded. Then waits for the ServerHello, ... and waits, ...
So what? Stare is useless?
>
>
> It sounds like yours is waiting a very long time.
Ok. Why?
>
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWwdjhAAoJENNXIZxhPexGeh4IAKVgZiCw+exwaaBAQxjcJtfP
em3MmrfabMOw2bRnGwlEHKP8aQ7vq5GXNtPQsCvugV+JM6pXRDSxnBFW8Xo8fGVU
HoZpACeAQqwzPTRi0EgXvym3YlSgcXUAnAVN5xqMSFnSD17FT0bnfUhXaXqp/woG
bRpQRLjdSYOyMuico/l3Uy9saP/fsYORR9XnmBrd3m+65KjX7xJ189QenzP7quyy
9ucKmCju8I/c5ktmZ/hgMY9xG/4FQxRTP3HolULz7+GV2wa+3/sgugxH/TIlUQ7z
hENtfpxMXoeaOje9odw2LWe4VjfGErVGmwxGZWQq86j3QjOZ0AdAmHApMRwFKqg=
=VBmE
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160215/30a96296/attachment-0001.key>
More information about the squid-users
mailing list