[squid-users] SMP + Ssl-Bump squid-tls_session_cache.shm

Amos Jeffries squid3 at treenet.co.nz
Sun May 24 07:38:32 UTC 2020


On 24/05/20 3:31 pm, Joshua Bazgrim wrote:
> Squid 4.9
> Ubuntu 18.04.03
> 
> I'm trying to implement ssl-bumping into the frontend of a Squid SMP
> setup, but I keep getting the following error:
> FATAL: Ipc::Mem::Segment::open failed to
> shm_open(/squid-tls_session_cache.shm): (2) No such file or directory
> 
> shm is working correctly and generating/reading from other squid shm
> files, but not properly generating this file upon start-up in SMP mode.
> 
> My ssl-bump configuration works fine in non-SMP mode.
> I'm guessing it's some sort of race condition to do with improperly
> set up config files for ssl-bumping, but unsure of how to correct it.
> 


The SHM problem is likely an issue between the frontend and coordinator
processes creating and accessing the /dev/shm path with different share
names.


However, you will have a bigger problem using SSL-Bump with this
configuration.
To cache the traffic requires the frontend to be using TLS to contact
the backends, which will make the frontend see the backend *proxy*
certificate as the one to be mimicked instead of the real origin certificate.


You will need to separate these into a full multi-tenant configuration
with SSL-Bump at both layers and interception of traffic leaving the
frontend diverted into the backend.
 <https://wiki.squid-cache.org/MultipleInstances>


Amos

