[squid-users] Huge memory required for squid 3.5
Yuri Voinov
yvoinov at gmail.com
Wed Apr 26 15:35:04 UTC 2017
Amos, stupid question.
Why sessions can't share CA's data cached in memory? shared_ptr invented
already.
This is openssl issue or squid's?
26.04.2017 9:08, Amos Jeffries пишет:
> On 26/04/17 10:53, Yuri Voinov wrote:
>> Ok, but how NO_DEFAULT_CA should help with this?
>
> It prevents OpenSSL copying that 1MB into each incoming client
> connections memory. The CAs are only useful there when you have some
> of the global CAs as root for client certificates - in which case you
> still only want to trust the roots you paid for service and not all of
> them.
>
> Just something to try if there are huge memory issues with TLS/SSL
> proxying. The default behaviour is fixed for Squid-4 with the config
> options changes. But due to being a major surprise for anyone already
> relying on global roots for client certs it remains a problem in 3.5.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
--
Bugs to the Future
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170426/c4f50458/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20170426/c4f50458/attachment.sig>
More information about the squid-users
mailing list