[squid-users] High memory usage associated with ssl_bump and broken clients
squid3 at treenet.co.nz
Sat Sep 9 12:35:53 UTC 2017
On 09/09/17 04:37, Steve Hill wrote:
> I've identified a problem with Squid 3.5.26 using a lot of memory when
> some broken clients are on the network. Strictly speaking this isn't
> really Squid's fault, but it is a denial of service mechanism so I
> wonder if Squid can help mitigate it.
AFAIK every connection opened or accepted by Squid does have a timeout,
though some of them are long. The mitigation is probably to reduce
request_timeout (v2+) or better the request_start_timeout (v4+).
Please bring up your research on squid-dev mailing list so the guys
working on TLS/SSL and QA can all see it.
You may also need to update the networks congestion control algorithms
to ones that better handle RST packets.
More information about the squid-users