<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>How big disk cache(s) and how it full?<br>
</p>
<br>
<div class="moz-cite-prefix">03.05.2017 17:54, Nil Nik пишет:<br>
</div>
<blockquote
cite="mid:BY1PR10MB03577C3C006CEF30984D393584160@BY1PR10MB0357.namprd10.prod.outlook.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;"
dir="ltr">
Hi,
<p><br>
</p>
<p><font size="2"><span style="font-size:10pt;">NO_DEFAULT_CA</span></font>
<span>
doesn't</span> help. Still goes in GB. Can anyone tell me
area so that i can work on?</p>
<p><br>
</p>
<p>Regards,</p>
<p>Nil<br>
</p>
<p><br>
</p>
<div style="color: rgb(0, 0, 0);">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font
style="font-size:11pt" face="Calibri, sans-serif"
color="#000000"><b>From:</b> squid-users
<a class="moz-txt-link-rfc2396E" href="mailto:squid-users-bounces@lists.squid-cache.org"><squid-users-bounces@lists.squid-cache.org></a> on
behalf of Alex Rousskov
<a class="moz-txt-link-rfc2396E" href="mailto:rousskov@measurement-factory.com"><rousskov@measurement-factory.com></a><br>
<b>Sent:</b> Wednesday, April 26, 2017 7:37 PM<br>
<b>To:</b> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<b>Subject:</b> Re: [squid-users] Huge memory required
for squid 3.5</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">On 04/26/2017 09:35 AM, Yuri Voinov
wrote:<br>
<br>
> This is openssl issue or squid's?<br>
<br>
AFAIK, the underlying issue (i.e., bug #4005) is mostly
a Squid problem:<br>
Squid is caching SSL contexts (instead of certificates)
and does a poor<br>
job maintaining that cache.<br>
<br>
Earlier OpenSSL versions (that had to be used when the
original code was<br>
written) complicated solving this problem. OpenSSL
v1.0.1+ added APIs<br>
that simplify some aspects of the anticipated fix.
Certain OpenSSL<br>
aspects will continue to hurt Squid, even with OpenSSL
v1.0.1, but if<br>
you want to blame a single project (instead of both),
blame Squid.<br>
<br>
<br>
> Why sessions can't share CA's data cached in
memory? shared_ptr invented<br>
> already.<br>
<br>
OpenSSL knew how to share things well before
std::shared_ptr became<br>
available. However, it is the responsibility of the
application to tell<br>
OpenSSL what to create from scratch and what to share. A
part of the<br>
problem is that Squid tells OpenSSL to create many large
things from<br>
scratch and then caches those large things while
underestimating their<br>
size by several(?) orders of magnitude (and probably
also missing many<br>
cache hits).<br>
<br>
More details, including the difference between problems
associated with<br>
from-client and to-server connections, are documented in
the "Memory<br>
Usage" section of <a moz-do-not-send="true"
href="http://wiki.squid-cache.org/Features/SslBump"
id="LPlnk706809" previewremoved="true">
http://wiki.squid-cache.org/Features/SslBump</a>
<div id="LPBorder_GT_14938123250740.11314859301887725"
style="margin-bottom: 20px; overflow: auto; width:
100%; text-indent: 0px;">
<table
id="LPContainer_14938123250710.8259907502117058"
style="width: 90%; background-color: rgb(255, 255,
255); position: relative; overflow: auto;
padding-top: 20px; padding-bottom: 20px; margin-top:
20px; border-top: 1px dotted rgb(200, 200, 200);
border-bottom: 1px dotted rgb(200, 200, 200);"
role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td
id="TextCell_14938123250720.08481065624306094"
style="vertical-align: top; position:
relative; padding: 0px; display: table-cell;"
colspan="2">
<div
id="LPTitle_14938123250720.09427320548735929"
style="top: 0px; color: rgb(0, 120, 215);
font-weight: 400; font-size: 21px;
font-family:
"wf_segoe-ui_light","Segoe UI
Light","Segoe WP
Light","Segoe UI","Segoe
WP",Tahoma,Arial,sans-serif;
line-height: 21px;">
<a moz-do-not-send="true"
id="LPUrlAnchor_14938123250720.03337732538898763"
style="text-decoration: none;"
href="http://wiki.squid-cache.org/Features/SslBump"
target="_blank">Features/SslBump - Squid
Web Proxy Wiki</a></div>
<div
id="LPMetadata_14938123250730.02992122672727393"
style="margin: 10px 0px 16px; color:
rgb(102, 102, 102); font-weight: 400;
font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 14px;">
wiki.squid-cache.org</div>
<div
id="LPDescription_14938123250730.700130210657148"
style="display: block; color: rgb(102, 102,
102); font-weight: 400; font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 20px; max-height: 100px;
overflow: hidden;">
Squid-in-the-middle decryption and
encryption of straight CONNECT and
transparently redirected SSL traffic, using
configurable CA certificates.</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
<br>
FWIW, we have spent a lot of resources on triaging this
problem and<br>
drafting possible solutions (in various overlapping
areas), but there is<br>
currently no sponsor to finalize and implement any of
the fixes. AFAIK,<br>
bug #4005 is stuck.<br>
<br>
I am glad that NO_DEFAULT_CA helps mitigate some of the
problems in some<br>
environments.<br>
<br>
<br>
HTH,<br>
<br>
Alex.<br>
<br>
<br>
> 26.04.2017 9:08, Amos Jeffries пишет:<br>
>> On 26/04/17 10:53, Yuri Voinov wrote:<br>
>>> Ok, but how NO_DEFAULT_CA should help with
this?<br>
>><br>
>> It prevents OpenSSL copying that 1MB into each
incoming client<br>
>> connections memory. The CAs are only useful
there when you have some<br>
>> of the global CAs as root for client
certificates - in which case you<br>
>> still only want to trust the roots you paid for
service and not all of<br>
>> them.<br>
>><br>
>> Just something to try if there are huge memory
issues with TLS/SSL<br>
>> proxying. The default behaviour is fixed for
Squid-4 with the config<br>
>> options changes. But due to being a major
surprise for anyone already<br>
>> relying on global roots for client certs it
remains a problem in 3.5.<br>
>><br>
>> Amos<br>
>><br>
>> _______________________________________________<br>
>> squid-users mailing list<br>
>> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
>> <a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
id="LPlnk637142" previewremoved="true">
http://lists.squid-cache.org/listinfo/squid-users</a>
<div id="LPBorder_GT_14938123786480.4488564126039615"
style="margin-bottom: 20px; overflow: auto; width:
100%; text-indent: 0px;">
<table
id="LPContainer_14938123786430.20365778727089778"
style="width: 90%; background-color: rgb(255, 255,
255); position: relative; overflow: auto;
padding-top: 20px; padding-bottom: 20px; margin-top:
20px; border-top: 1px dotted rgb(200, 200, 200);
border-bottom: 1px dotted rgb(200, 200, 200);"
role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td
id="TextCell_14938123786440.13963595398341355"
style="vertical-align: top; position:
relative; padding: 0px; display: table-cell;"
colspan="2">
<div
id="LPTitle_14938123786440.2887556511306161"
style="top: 0px; color: rgb(0, 120, 215);
font-weight: 400; font-size: 21px;
font-family:
"wf_segoe-ui_light","Segoe UI
Light","Segoe WP
Light","Segoe UI","Segoe
WP",Tahoma,Arial,sans-serif;
line-height: 21px;">
<a moz-do-not-send="true"
id="LPUrlAnchor_14938123786450.5044640733064653"
style="text-decoration: none;"
href="http://lists.squid-cache.org/listinfo/squid-users"
target="_blank">squid-users Info Page</a></div>
<div
id="LPMetadata_14938123786460.240786599206116"
style="margin: 10px 0px 16px; color:
rgb(102, 102, 102); font-weight: 400;
font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 14px;">
lists.squid-cache.org</div>
<div
id="LPDescription_14938123786470.3527418464477192"
style="display: block; color: rgb(102, 102,
102); font-weight: 400; font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 20px; max-height: 100px;
overflow: hidden;">
squid-users -- General discussion relating
to Squid. The membership of this list is
thousands of Squid users from around the
world About squid-users</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
> <br>
> <br>
> <br>
> _______________________________________________<br>
> squid-users mailing list<br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> <a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
id="LPlnk994124" previewremoved="true">
http://lists.squid-cache.org/listinfo/squid-users</a>
<div id="LPBorder_GT_14938123786130.7066901792730146"
style="margin-bottom: 20px; overflow: auto; width:
100%; text-indent: 0px;">
<table
id="LPContainer_14938123786100.6322304170504451"
style="width: 90%; background-color: rgb(255, 255,
255); position: relative; overflow: auto;
padding-top: 20px; padding-bottom: 20px; margin-top:
20px; border-top: 1px dotted rgb(200, 200, 200);
border-bottom: 1px dotted rgb(200, 200, 200);"
role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td
id="TextCell_14938123786110.41271651298547873"
style="vertical-align: top; position:
relative; padding: 0px; display: table-cell;"
colspan="2">
<div
id="LPTitle_14938123786110.11202505050493272"
style="top: 0px; color: rgb(0, 120, 215);
font-weight: 400; font-size: 21px;
font-family:
"wf_segoe-ui_light","Segoe UI
Light","Segoe WP
Light","Segoe UI","Segoe
WP",Tahoma,Arial,sans-serif;
line-height: 21px;">
<a moz-do-not-send="true"
id="LPUrlAnchor_14938123786120.45910068828617034"
style="text-decoration: none;"
href="http://lists.squid-cache.org/listinfo/squid-users"
target="_blank">squid-users Info Page</a></div>
<div
id="LPMetadata_14938123786120.0828671998666407"
style="margin: 10px 0px 16px; color:
rgb(102, 102, 102); font-weight: 400;
font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 14px;">
lists.squid-cache.org</div>
<div
id="LPDescription_14938123786130.3259122471959415"
style="display: block; color: rgb(102, 102,
102); font-weight: 400; font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 20px; max-height: 100px;
overflow: hidden;">
squid-users -- General discussion relating
to Squid. The membership of this list is
thousands of Squid users from around the
world About squid-users</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
> <br>
<br>
_______________________________________________<br>
squid-users mailing list<br>
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a moz-do-not-send="true"
href="http://lists.squid-cache.org/listinfo/squid-users"
id="LPlnk844702" previewremoved="true">http://lists.squid-cache.org/listinfo/squid-users</a>
<div id="LPBorder_GT_14938123786030.5318871818109208"
style="margin-bottom: 20px; overflow: auto; width:
100%; text-indent: 0px;">
<table
id="LPContainer_14938123786000.8268748694301231"
style="width: 90%; background-color: rgb(255, 255,
255); position: relative; overflow: auto;
padding-top: 20px; padding-bottom: 20px; margin-top:
20px; border-top: 1px dotted rgb(200, 200, 200);
border-bottom: 1px dotted rgb(200, 200, 200);"
role="presentation" cellspacing="0">
<tbody>
<tr style="border-spacing: 0px;" valign="top">
<td
id="TextCell_14938123786000.49714504759305367"
style="vertical-align: top; position:
relative; padding: 0px; display: table-cell;"
colspan="2">
<div
id="LPTitle_14938123786010.05569418962463335"
style="top: 0px; color: rgb(0, 120, 215);
font-weight: 400; font-size: 21px;
font-family:
"wf_segoe-ui_light","Segoe UI
Light","Segoe WP
Light","Segoe UI","Segoe
WP",Tahoma,Arial,sans-serif;
line-height: 21px;">
<a moz-do-not-send="true"
id="LPUrlAnchor_14938123786010.7286905952600977"
style="text-decoration: none;"
href="http://lists.squid-cache.org/listinfo/squid-users"
target="_blank">squid-users Info Page</a></div>
<div
id="LPMetadata_14938123786020.401919598439636"
style="margin: 10px 0px 16px; color:
rgb(102, 102, 102); font-weight: 400;
font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 14px;">
lists.squid-cache.org</div>
<div
id="LPDescription_14938123786020.9672184715186581"
style="display: block; color: rgb(102, 102,
102); font-weight: 400; font-family:
"wf_segoe-ui_normal","Segoe
UI","Segoe
WP",Tahoma,Arial,sans-serif; font-size:
14px; line-height: 20px; max-height: 100px;
overflow: hidden;">
squid-users -- General discussion relating
to Squid. The membership of this list is
thousands of Squid users from around the
world About squid-users</div>
</td>
</tr>
</tbody>
</table>
</div>
<br>
</div>
</span></font></div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br>
</body>
</html>