[squid-users] 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 25
Amos Jeffries
squid3 at treenet.co.nz
Mon Feb 15 13:09:11 UTC 2016
On 12/02/2016 11:04 p.m., Yuri Voinov wrote:
> Hi gents.
>
> Does anybody meet this issue?
>
> This one:
>
> ssl_bump peek step1
> ssl_bump splice disable-ssl-bump
> ssl_bump stare step2
> ssl_bump bump all
>
> always lead to much records in cache.log:
>
> 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 25
> 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 85
> 2016/02/12 15:59:47 kid1| hold write on SSL connection on FD 26
> 2016/02/12 15:59:52 kid1| hold write on SSL connection on FD 26
> 2016/02/12 15:59:53 kid1| hold write on SSL connection on FD 10
>
> and, then, ran out of filedescriptors soon.
>
> Note: This is independent from OS/platform/Squid's version. Either 3.5
> or 4.0 - both demonstrate this behaviour.
>
> If I remove stare rule - issue is gone. But - of course, stare is gone too.
>
> Question.
>
> What is this? Bug, feature, by stupid configuration?
You know what "stare" does right?
Squid sends its ClientHello to the server and puts a "hold" on
recieving more TLS data from the client until the upstream server has
responded. Then waits for the ServerHello, ... and waits, ...
It sounds like yours is waiting a very long time.
Amos
More information about the squid-users
mailing list