[squid-users] Long delays with TLS

James Moe jimoe at sohnen-moe.com
Thu Sep 13 19:00:03 UTC 2018 

Hello,
  squid 4.0.23
  linux 4.12.14-lp150.12.7-default x86_64

  We have been seeing frequent, but not consistent, delays when proxying
TLS requests while browsing. By disabling the proxy, those delays
stopped occurring.
  I can see no obvious hint in either the access or cache logs.
  (Is there a way to use ISO time format in the logs?)

  Where should I look to find what is causing the delay?

----[ conf ]----
acl manager_admin src 192.168.69.115
#
# acl localnet src fc00::/7
# acl localnet src fe80::/10
#
acl SSL_ports port 443
acl SSL_ports port 631
#
# Jumpline cPanel ports
acl SSL_ports port 2083
acl SSL_ports port 2096
#
# sma-nas-02, cgatePro, webadmin
acl SSL_ports port 5000
acl SSL_ports port 5001
acl SSL_ports port 9010
acl SSL_ports port 9100
acl SSL_ports port 10000
#
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 631
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 9100
#
acl CONNECT method CONNECT
acl localnet src 192.168.69.0/24

access_log /var/log/squid/access.log
#
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager_admin
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all

# Squid normally listens to port 3128
http_port 3128

cache_dir ufs /data01/var/cache/squid 51200 16 256
maximum_object_size 99999 KB
cache_mem 256 MB
coredump_dir /var/cache/squid

refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_log /var/log/squid/cache.log
cache_mgr jimoe at sohnen-moe.com
cache_replacement_policy lru
cache_store_log /var/log/squid/store.log
cache_swap_high 95
cache_swap_low 90
client_lifetime 1 days
connect_timeout 2 minutes
error_directory /usr/share/squid/errors/en
ftp_passive on
memory_replacement_policy lru
minimum_object_size 0 KB
----[ end ]----

-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180913/2308dc25/attachment-0001.sig>

More information about the squid-users mailing list