[squid-users] High CPU Usage with ssl_bump

Yuri Voinov yvoinov at gmail.com
Thu Apr 21 13:22:52 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
It must not be. My most active setup has 3% CPU all time dirung peak hours.

Typical view:

https://i1.someimage.com/NzM1erI.png


21.04.16 19:18, Odhiambo Washington пишет:
> Is is expected that  using ssl_bump results into high CPU usage all the time?
>
> This is squid-3.5.17
>
> That is what I am seeing:
>
> last pid: 26673;  load averages:  2.24,  2.00, 
2.10                                                                                                                
up 0+03:47:56  16:08:30
> 160 processes: 2 running, 157 sleeping, 1 zombie
> CPU: 86.1% user,  0.0% nice,  7.8% system,  3.3% interrupt,  2.7% idle
> Mem: 843M Active, 1942M Inact, 185M Wired, 43M Cache, 89M Buf, 97M Free
> Swap: 5900M Total, 1248K Used, 5899M Free
>
>   PID USERNAME       THR PRI NICE   SIZE    RES STATE   C   TIME   
WCPU COMMAND
> 13309 squid           17  20    0   305M   264M uwait   0   7:38 
80.86% squid
> 26088 squid            1  21    0 12812K  5352K sbwait  1   0:04  
2.49% ssl_crtd
> 26090 squid            1  20    0 12812K  5272K sbwait  1   0:01  
0.88% ssl_crtd
>
>
> My config has:
>
>
>
> acl no_ssl_interception ssl::server_name
"/usr/local/etc/squid/ssl_bump_broken_sites.txt"
> ssl_bump splice no_ssl_interception
> ssl_bump peek step1
> ssl_bump stare step2
> #ssl_bump bump all
> #ssl_bump splice all
>
> I think I read somewhere that 'ssl_bump splice all" is the default
behaviour, hence why I have commented it out. All I need is just become
a TCP tunnel without decrypting proxied traffic.
>
> Thank you.
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXGNQsAAoJENNXIZxhPexGcZUIAL3zFz9UFuQdyfXFBilFQ0Gj
8F4HkxuJjNtCUYdb6BEwux9jBOjZpYScr8sRHRBPvIV8O4/2Z3QF7exjEW8Duj/G
REWO3txPiE4pICD/AbdBuX8O++dvfjj46nz+lVeCH9JjGW0VoMHiyGtwGx1shSfY
pGX0MguEGEtWp/7hxKAFbRivGuvyQ7Ogj8i9IgMBptMrRu4D3G75UO+9WmaHcpVx
VAf1revHh+dWFWrO1k+zrWFIIFcwbR5LcrJeBYJ94scgPV3p68LC2ZpqUBZreYCM
Koo9+Rss+Ix1rTSUkvTaoGOcMdrHJ1oMICHwyqtDMWlbDds5dAnnWXh5faNYPFk=
=7YlO
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/f6780d6e/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160421/f6780d6e/attachment.key>

More information about the squid-users mailing list