[squid-users] Huge memory required for squid 3.5
Amos Jeffries
squid3 at treenet.co.nz
Wed Apr 26 03:08:41 UTC 2017
On 26/04/17 10:53, Yuri Voinov wrote:
> Ok, but how NO_DEFAULT_CA should help with this?
It prevents OpenSSL copying that 1MB into each incoming client
connections memory. The CAs are only useful there when you have some of
the global CAs as root for client certificates - in which case you still
only want to trust the roots you paid for service and not all of them.
Just something to try if there are huge memory issues with TLS/SSL
proxying. The default behaviour is fixed for Squid-4 with the config
options changes. But due to being a major surprise for anyone already
relying on global roots for client certs it remains a problem in 3.5.
Amos
More information about the squid-users
mailing list