[squid-users] 3.5.20 run out of my memory.

Amos Jeffries squid3 at treenet.co.nz
Wed Feb 7 12:23:07 UTC 2018


On 07/02/18 19:34, minh hưng đỗ hoàng wrote:
> Dear all, i use squid 3.5.20 on ubuntu14 in TPROXY mode.
> With basic config in squid.conf, but squid is run out of my server's memory.
> Here is my configure option :
...
> 
> https_port 3130 tproxy ssl-bump generate-host-certificates=on
> dynamic_cert_mem_cache_size=4MB
> cert=/etc/squid/ssl/e1f19c0494badc8dc14e8c4c56a8b97a.dyn

Please add sslflags=NO_DEFAULT_CA to the above config line. That should
reduce the memory usage a lot.

If the problems remains please try:
 a) removing that patch. It makes your Squid vulnerable to the worst
security issues Squid has faced this century.
 (One of the MANY effects of that vulnerability is ability of remote
attackers to consume large amounts of your network resources without any
traceability or visibility.)

  b) upgrade to Squid-4. The version is still in beta due to a few
issues, but overall MUCH better for SSL-Bump than Squid-3.


Amos


More information about the squid-users mailing list