<div dir="ltr">Here is my squid.conf anf followed by cache.log.<div><br></div><div><div>http_port 8000 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/cygdrive/c/squid/etc/ssl_cert/myCA.pem</div><div><br></div><div>auth_param basic program /cygdrive/c/Squid/lib/squid/basic_ldap_auth.exe -v 3 -P -R -b "DC=CONDUIRA,DC=LOCAL" -D "CN=administrator,CN=Users,DC=CONDUIRA,DC=LOCAL" -w anar_2017 -f sAMAccountName=%s -h 192.168.100.1</div><div>auth_param basic children 5</div><div>auth_param basic realm Web-Proxy</div><div>auth_param basic credentialsttl 1 minute</div><div>acl localnet src <a href="http://192.168.100.0/24">192.168.100.0/24</a> fc00::/7 fe80::/10 </div><div><br></div><div>acl SSL_ports port 443</div><div>acl Safe_ports port 21 70 80 210 280 443 488 591 777 1025-65535</div><div><br></div><div>acl CONNECT method CONNECT</div><div>acl CONNECT method CONNECT</div><div><br></div><div>cache_dir ufs c:/squid/var/cache/squid/cache 100 16 256</div><div>access_log stdio:/cygdrive/c/Squid/var/log/squid/access.log squid</div><div><br></div><div>coredump_dir /cygdrive/c/Squid/var/cache/squid</div><div>pid_filename /cygdrive/c/Squid/var/run/squid/run/squid/squidsrv.pid</div><div><br></div><div>acl denyext url_regex -i \.exe$ \.mp3$ \.mpeg$ \.mpg$ \.rar$ \.asx$ \.wma$ \.wmv$ \.avi$ \.qt$ \.ram$ \.rm$ \.iso$ \.wav$ \.wmf$ \.mov$</div><div>http_access deny denyext all</div><div><br></div><div>request_body_max_size 1024 KB</div><div><br></div><div>acl fileupload req_mime_type -i ^multipart/form-data$</div><div>http_access deny fileupload</div><div><br></div><div><br></div><div>## Full Access Users</div><div>acl active_directory_authenticated proxy_auth REQUIRED</div><div>acl user_previleged proxy_auth raju.masina</div><div>http_access allow active_directory_authenticated user_previleged</div><div><br></div><div>## Allowed Domains for ALL_Users</div><div>acl domains_all dstdomain "c:/Squid/etc/allowed_domains.txt"</div><div>http_access allow active_directory_authenticated domains_all</div><div><br></div><div>refresh_pattern -i .*\.(m4f|mp4|txt) 5259487 99% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private refresh-ims</div><div>acl storeid-helper url_regex -i ^https?:\/\/.*\.s3-ap-southeast-1\.amazonaws\.com(.*\.(m4f|mp4))</div><div>store_id_access deny all</div><div><br></div><div>acl loop_302 http_status 302</div><div>acl getmethod method GET</div><div><br></div><div>http_access deny !Safe_ports</div><div>http_access deny CONNECT !SSL_ports</div><div>http_access deny localhost manager</div><div>http_access deny manager</div><div>http_access deny all</div><div><br></div><div>always_direct allow all</div><div>#ssl_bump splice bypast</div><div>#ssl_bump peek bypast</div><div>ssl_bump server-first all</div><div>sslproxy_cert_error deny all</div><div>sslproxy_flags DONT_VERIFY_PEER</div><div>sslcrtd_program /cygdrive/c/squid/lib/squid/ssl_crtd -s /cygdrive/c/squid/var/run/squid/run/squid/ssl_db/certs -M 4MB</div><div>sslcrtd_children 8 startup=1 idle=1</div><div><br></div><div>cache_replacement_policy heap LFUDA</div><div>memory_replacement_policy heap GDSF</div><div>cache_mem 8 MB</div><div>minimum_object_size 0 KB</div><div>maximum_object_size 1 GB</div><div>maximum_object_size_in_memory 512 KB</div><div>cache_swap_low 90</div><div>cache_swap_high 95</div><div><br></div><div>store_id_access deny !getmethod</div><div>store_id_access allow storeid-helper</div><div><br></div><div>dns_nameservers 192.168.100.1</div><div>hosts_file /cygdrive/c/windows/system32/drivers/etc/hosts</div><div><br></div></div><div>CACHE.LOG</div><div><br></div><div><div>2016/11/04 17:26:39 kid1| Adding nameserver 192.168.100.1 from squid.conf</div><div>2016/11/04 17:26:39 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:26:39 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:26:39 kid1| helperOpenServers: Starting 0/5 'basic_ldap_auth.exe' processes</div><div>2016/11/04 17:26:39 kid1| helperOpenServers: No 'basic_ldap_auth.exe' processes needed.</div><div>2016/11/04 17:26:39 kid1| HTCP Disabled.</div><div>2016/11/04 17:26:39 kid1| Finished loading MIME types and icons.</div><div>2016/11/04 17:26:39 kid1| Accepting SSL bumped HTTP Socket connections at local=[::]:8000 remote=[::] FD 13 flags=9</div><div>2016/11/04 17:26:44 kid1| Starting new basicauthenticator helpers...</div><div>2016/11/04 17:26:44 kid1| helperOpenServers: Starting 1/5 'basic_ldap_auth.exe' processes</div><div>2016/11/04 17:26:44 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:55:39 kid1| Starting new ssl_crtd helpers...</div><div>2016/11/04 17:55:39 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:55:40 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:55:40 kid1| Starting new ssl_crtd helpers...</div><div>2016/11/04 17:55:40 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:55:40 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:55:40 kid1| Starting new ssl_crtd helpers...</div><div>2016/11/04 17:55:40 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:55:40 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:55:40 kid1| Starting new ssl_crtd helpers...</div><div>2016/11/04 17:55:40 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:55:40 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>2016/11/04 17:55:40 kid1| Starting new ssl_crtd helpers...</div><div>2016/11/04 17:55:40 kid1| helperOpenServers: Starting 1/8 'ssl_crtd' processes</div><div>2016/11/04 17:55:40 kid1| WARNING: no_suid: setuid(0): (22) Invalid argument</div><div>basic_ldap_auth: WARNING, could not bind to binddn 'Can't contact LDAP server'</div></div><div><br></div><div>Regards.</div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 4, 2016 at 8:13 PM, <span dir="ltr"><<a href="mailto:squid-users-request@lists.squid-cache.org" target="_blank">squid-users-request@lists.squid-cache.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Send squid-users mailing list submissions to<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:squid-users-request@lists.squid-cache.org">squid-users-request@lists.<wbr>squid-cache.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:squid-users-owner@lists.squid-cache.org">squid-users-owner@lists.squid-<wbr>cache.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of squid-users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: squid warning (Yuri)<br>
2. Re: squid warning (Matus UHLAR - fantomas)<br>
3. Squid doesn't use domain name as a request URL in access.log<br>
when splice at step 3 occurs (Garri Djavadyan)<br>
4. Squid doesn't use domain name as a request URL in access.log<br>
when splice at step 3 occurs (Garri Djavadyan)<br>
5. Re: squid warning (Yuri Voinov)<br>
6. Re: Squid doesn't use domain name as a request URL in<br>
access.log when splice at step 3 occurs (Amos Jeffries)<br>
<br>
<br>
------------------------------<wbr>------------------------------<wbr>----------<br>
<br>
Message: 1<br>
Date: Fri, 4 Nov 2016 18:23:05 +0600<br>
From: Yuri <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
Subject: Re: [squid-users] squid warning<br>
Message-ID: <<a href="mailto:5e2eaab8-71fb-1908-f93a-acea6e451727@gmail.com">5e2eaab8-71fb-1908-f93a-<wbr>acea6e451727@gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"; Format="flowed"<br>
<br>
This warning is irrelevent to your google issue.<br>
<br>
Show your config.<br>
<br>
<br>
04.11.2016 10:34, Raju M K пишет:<br>
> Hi,<br>
> I installed squid v3.5.22 on windows and enabled with ssl_bump.<br>
> Now my issue is.<br>
> Web page is opening very slowly. For ex. <a href="http://www.google.com" rel="noreferrer" target="_blank">www.google.com</a><br>
> <<a href="http://www.google.com/" rel="noreferrer" target="_blank">http://www.google.com/</a>> its taking more than 30 seconds.<br>
> In cache log showing below warning<br>
> 2016/11/03 17:45:16 kid1| helperOpenServers: Starting 1/8 'ssl_crtd'<br>
> processes<br>
> 2016/11/03 17:45:16 kid1| WARNING: no_suid: setuid(0): (22) Invalid<br>
> argument<br>
><br>
> Please hepl me..<br>
> --<br>
> Regards,<br>
> M K Raju.<br>
><br>
><br>
><br>
> ______________________________<wbr>_________________<br>
> squid-users mailing list<br>
> <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
> <a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20161104/1cd09462/attachment-0001.html" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>pipermail/squid-users/<wbr>attachments/20161104/1cd09462/<wbr>attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Fri, 4 Nov 2016 13:39:20 +0100<br>
From: Matus UHLAR - fantomas <<a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
Subject: Re: [squid-users] squid warning<br>
Message-ID: <<a href="mailto:20161104123920.GA5216@fantomas.sk">20161104123920.GA5216@<wbr>fantomas.sk</a>><br>
Content-Type: text/plain; charset=utf-8; format=flowed<br>
<br>
On 04.11.16 18:23, Yuri wrote:<br>
>This warning is irrelevent to your google issue.<br>
<br>
are you sure that creating fake google certificate is not the reason of<br>
delay?<br>
<br>
>04.11.2016 10:34, Raju M K пишет:<br>
>>I installed squid v3.5.22 on windows and enabled with ssl_bump.<br>
>>Now my issue is.<br>
>>Web page is opening very slowly. For ex. <a href="http://www.google.com" rel="noreferrer" target="_blank">www.google.com</a><br>
>><<a href="http://www.google.com/" rel="noreferrer" target="_blank">http://www.google.com/</a>> its taking more than 30 seconds.<br>
>>In cache log showing below warning<br>
>>2016/11/03 17:45:16 kid1| helperOpenServers: Starting 1/8<br>
>>'ssl_crtd' processes<br>
>>2016/11/03 17:45:16 kid1| WARNING: no_suid: setuid(0): (22) Invalid<br>
<br>
<br>
--<br>
Matus UHLAR - fantomas, <a href="mailto:uhlar@fantomas.sk">uhlar@fantomas.sk</a> ; <a href="http://www.fantomas.sk/" rel="noreferrer" target="_blank">http://www.fantomas.sk/</a><br>
Warning: I wish NOT to receive e-mail advertising to this address.<br>
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.<br>
M$ Win's are shit, do not use it !<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Fri, 04 Nov 2016 17:43:33 +0500<br>
From: Garri Djavadyan <<a href="mailto:garryd@comnet.uz">garryd@comnet.uz</a>><br>
To: <a href="mailto:squid-users@squid-cache.org">squid-users@squid-cache.org</a><br>
Subject: [squid-users] Squid doesn't use domain name as a request URL<br>
in access.log when splice at step 3 occurs<br>
Message-ID: <<a href="mailto:1478263413.30442.5.camel@comnet.uz">1478263413.30442.5.camel@<wbr>comnet.uz</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
I noticed that Squid doesn't use gathered domain name information for<br>
%ru in access.log when splice action is performed at step 3 for<br>
intercepted traffic. The format code ssl::>sni is available at both<br>
steps. Below are examples used to verify the behavior using Squid<br>
3.5.22, but the results are same for Squid 4.0.16.<br>
<br>
The request used on client:<br>
<br>
$ curl <a href="https://www.openssl.org/" rel="noreferrer" target="_blank">https://www.openssl.org/</a> > /dev/null<br>
<br>
<br>
The configuration for splice at step 2:<br>
<br>
# diff etc/squid.conf.default etc/squid.conf<br>
73a74,78<br>
> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
generate-host-certificates<br>
> acl StepSplice at_step SslBump2<br>
> ssl_bump splice StepSplice<br>
> ssl_bump peek all<br>
> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un<br>
%Sh/%<a %mt %ssl::>sni<br>
<br>
<br>
The result:<br>
<br>
<a href="tel:1478256091" value="+911478256091">1478256091</a>.609 1028 172.16.0.21 TAG_NONE/200 0 CONNECT<br>
<a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - HIER_NONE/- - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
<a href="tel:1478256091" value="+911478256091">1478256091</a>.609 1026 172.16.0.21 TCP_TUNNEL/200 9807 CONNECT www.opens<br>
<a href="http://sl.org:443" rel="noreferrer" target="_blank">sl.org:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
<br>
<br>
-----<br>
The configuration for splice at step 3:<br>
<br>
# diff etc/squid.conf.default etc/squid.conf<br>
73a74,78<br>
> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
generate-host-certificates<br>
> acl StepSplice at_step SslBump3<br>
> ssl_bump splice StepSplice<br>
> ssl_bump peek all<br>
> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un<br>
%Sh/%<a %mt %ssl::>sni<br>
<br>
<br>
The result:<br>
<a href="tel:1478256303" value="+911478256303">1478256303</a>.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT<br>
<a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
<br>
<br>
Is it a bug or intended behavior? Thanks.<br>
<br>
Garri<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Fri, 04 Nov 2016 19:06:22 +0500<br>
From: Garri Djavadyan <<a href="mailto:garryd@comnet.uz">garryd@comnet.uz</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
Subject: [squid-users] Squid doesn't use domain name as a request URL<br>
in access.log when splice at step 3 occurs<br>
Message-ID: <<a href="mailto:1478268382.30442.11.camel@comnet.uz">1478268382.30442.11.camel@<wbr>comnet.uz</a>><br>
Content-Type: text/plain; charset="UTF-8"<br>
<br>
On Fri, 2016-11-04 at 17:43 +0500, Garri Djavadyan wrote:<br>
> I noticed that Squid doesn't use gathered domain name information for<br>
> %ru in access.log when splice action is performed at step 3 for<br>
> intercepted traffic. The format code ssl::>sni is available at both<br>
> steps. Below are examples used to verify the behavior using Squid<br>
> 3.5.22, but the results are same for Squid 4.0.16.<br>
><br>
> The request used on client:<br>
><br>
> $ curl <a href="https://www.openssl.org/" rel="noreferrer" target="_blank">https://www.openssl.org/</a> > /dev/null<br>
><br>
><br>
> The configuration for splice at step 2:<br>
><br>
> # diff etc/squid.conf.default etc/squid.conf<br>
> 73a74,78<br>
> ><br>
> > https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
> generate-host-certificates<br>
> ><br>
> > acl StepSplice at_step SslBump2<br>
> > ssl_bump splice StepSplice<br>
> > ssl_bump peek all<br>
> > logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru<br>
> > %[un<br>
> %Sh/%<a %mt %ssl::>sni<br>
><br>
><br>
> The result:<br>
><br>
> <a href="tel:1478256091" value="+911478256091">1478256091</a>.609 1028 172.16.0.21 TAG_NONE/200 0 CONNECT<br>
> <a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - HIER_NONE/- - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
> <a href="tel:1478256091" value="+911478256091">1478256091</a>.609 1026 172.16.0.21 TCP_TUNNEL/200 9807 CONNECT www.ope<br>
> ns<br>
> <a href="http://sl.org:443" rel="noreferrer" target="_blank">sl.org:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
><br>
><br>
> -----<br>
> The configuration for splice at step 3:<br>
><br>
> # diff etc/squid.conf.default etc/squid.conf<br>
> 73a74,78<br>
> ><br>
> > https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
> generate-host-certificates<br>
> ><br>
> > acl StepSplice at_step SslBump3<br>
> > ssl_bump splice StepSplice<br>
> > ssl_bump peek all<br>
> > logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru<br>
> > %[un<br>
> %Sh/%<a %mt %ssl::>sni<br>
><br>
><br>
> The result:<br>
> <a href="tel:1478256303" value="+911478256303">1478256303</a>.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT<br>
> <a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
><br>
><br>
> Is it a bug or intended behavior? Thanks.<br>
><br>
> Garri<br>
<br>
It prevents domain name identification when SNI is not provided by a<br>
client. For example:<br>
<br>
Request:<br>
$ echo -e "HEAD / HTTP/1.1\nHost: <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a>\n\n" | openssl<br>
s_client -quiet -no_ign_eof -connect <a href="http://www.openssl.org:443" rel="noreferrer" target="_blank">www.openssl.org:443</a><br>
<br>
Config:<br>
# diff etc/squid.conf.default etc/squid.conf<br>
73a74,78<br>
> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
generate-host-certificates<br>
> acl StepSplice at_step SslBump3<br>
> ssl_bump splice StepSplice<br>
> ssl_bump peek all<br>
> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un<br>
%Sh/%<a %mt %ssl::>sni<br>
<br>
Result:<br>
<a href="tel:1478267428" value="+911478267428">1478267428</a>.070 347 172.16.0.21 TCP_TUNNEL/200 235 CONNECT<br>
<a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - -<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Fri, 4 Nov 2016 20:07:25 +0600<br>
From: Yuri Voinov <<a href="mailto:yvoinov@gmail.com">yvoinov@gmail.com</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
Subject: Re: [squid-users] squid warning<br>
Message-ID: <<a href="mailto:0840e0bf-597d-5493-3562-bb69390c5f20@gmail.com">0840e0bf-597d-5493-3562-<wbr>bb69390c5f20@gmail.com</a>><br>
Content-Type: text/plain; charset="utf-8"<br>
<br>
<br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
<br>
<br>
04.11.2016 18:39, Matus UHLAR - fantomas пишет:<br>
> On 04.11.16 18:23, Yuri wrote:<br>
>> This warning is irrelevent to your google issue.<br>
><br>
> are you sure that creating fake google certificate is not the reason of<br>
> delay?<br>
I'm talking about this warning: WARNING: no_suid: setuid(0): (22) Invalid<br>
<br>
Did you see Diladele Win64 Squid by your own eyes? If yes, you<br>
understand me.<br>
<br>
However, I suggests (only, because of I'm not seen squid.conf), that the<br>
real problem is here:<br>
<br>
helperOpenServers: Starting 1/8 'ssl_crtd' processes<br>
<br>
It seems at so few ssl_crtd helper processes.<br>
><br>
>> 04.11.2016 10:34, Raju M K пишет:<br>
>>> I installed squid v3.5.22 on windows and enabled with ssl_bump.<br>
>>> Now my issue is.<br>
>>> Web page is opening very slowly. For ex. <a href="http://www.google.com" rel="noreferrer" target="_blank">www.google.com</a><br>
<<a href="http://www.google.com/" rel="noreferrer" target="_blank">http://www.google.com/</a>> its taking more than 30 seconds.<br>
>>> In cache log showing below warning<br>
>>> 2016/11/03 17:45:16 kid1| helperOpenServers: Starting 1/8 'ssl_crtd'<br>
processes<br>
>>> 2016/11/03 17:45:16 kid1| WARNING: no_suid: setuid(0): (22) Invalid<br>
><br>
><br>
<br>
- --<br>
Cats - delicious. You just do not know how to cook them.<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2<br>
<br>
iQEcBAEBCAAGBQJYHJYcAAoJENNXIZ<wbr>xhPexGJ9oIAJZLwy9Tb3SOkmdLPdrG<wbr>oi12<br>
NvkLOBhCVBGWAIuRD/<wbr>6WO1edhZ7h12v87mvZ10CKVldNe70Z<wbr>DFNZcpkzfUrx91Lm<br>
Qk1fA0Of830nNoDp+<wbr>pQMksByUZKcCvgEQnBLgzenUxcFi7q<wbr>qVaDzXjbcdoAN51tg<br>
R6RLftQGomdHcvvLmacZO8B4NG5BBD<wbr>yl2psA/bXjwbq17dlHvhzYdUxc+<wbr>OfInwrS<br>
pRAyPKolo+QnT3euW+2nw0+<wbr>AjccRiZgQiVHNRu05jhTkAsXaIQEOm<wbr>gfnIWnIFbM2<br>
HsJD4M9D2awP8gRyus5Pv7O0uv3F0W<wbr>x64mebLOcNjJe9xu6vU47SUa96jGse<wbr>uHY=<br>
=PKW2<br>
-----END PGP SIGNATURE-----<br>
<br>
-------------- next part --------------<br>
A non-text attachment was scrubbed...<br>
Name: 0x613DEC46.asc<br>
Type: application/pgp-keys<br>
Size: 2437 bytes<br>
Desc: not available<br>
URL: <<a href="http://lists.squid-cache.org/pipermail/squid-users/attachments/20161104/da43ac97/attachment-0001.key" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>pipermail/squid-users/<wbr>attachments/20161104/da43ac97/<wbr>attachment-0001.key</a>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Sat, 5 Nov 2016 03:42:45 +1300<br>
From: Amos Jeffries <<a href="mailto:squid3@treenet.co.nz">squid3@treenet.co.nz</a>><br>
To: <a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
Subject: Re: [squid-users] Squid doesn't use domain name as a request<br>
URL in access.log when splice at step 3 occurs<br>
Message-ID: <<a href="mailto:5e50526c-5945-8038-d09e-3c7d56ac2512@treenet.co.nz">5e50526c-5945-8038-d09e-<wbr>3c7d56ac2512@treenet.co.nz</a>><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
On 5/11/2016 1:43 a.m., Garri Djavadyan wrote:<br>
> The configuration for splice at step 3:<br>
><br>
> # diff etc/squid.conf.default etc/squid.conf<br>
> 73a74,78<br>
>> https_port 3129 intercept ssl-bump cert=etc/ssl_cert/myCA.pem<br>
> generate-host-certificates<br>
>> acl StepSplice at_step SslBump3<br>
>> ssl_bump splice StepSplice<br>
>> ssl_bump peek all<br>
>> logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un<br>
> %Sh/%<a %mt %ssl::>sni<br>
><br>
><br>
> The result:<br>
> 1478256303.420 574 172.16.0.21 TCP_TUNNEL/200 6897 CONNECT<br>
> <a href="http://104.124.119.14:443" rel="noreferrer" target="_blank">104.124.119.14:443</a> - ORIGINAL_DST/<a href="http://104.124.119.14" rel="noreferrer" target="_blank">104.124.119.14</a> - <a href="http://www.openssl.org" rel="noreferrer" target="_blank">www.openssl.org</a><br>
><br>
><br>
> Is it a bug or intended behavior? Thanks.<br>
><br>
<br>
The person (Christos) who designed that behaviour is not reading this<br>
mailing list very often.<br>
<br>
AFAIK, it depends on what the SubjectAltName field in the certificate<br>
provided by 104.124.119.14 contains.<br>
<br>
Amos<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Subject: Digest Footer<br>
<br>
______________________________<wbr>_________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.<wbr>org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/<wbr>listinfo/squid-users</a><br>
<br>
<br>
------------------------------<br>
<br>
End of squid-users Digest, Vol 27, Issue 9<br>
******************************<wbr>************<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">Regards,<br>M K Raju.<br><br></div>
</div></div>