[squid-users] High memory usage associated with ssl_bump and broken clients
Amos Jeffries
squid3 at treenet.co.nz
Sat Sep 9 12:35:53 UTC 2017
On 09/09/17 04:37, Steve Hill wrote:
>
> I've identified a problem with Squid 3.5.26 using a lot of memory when
> some broken clients are on the network. Strictly speaking this isn't
> really Squid's fault, but it is a denial of service mechanism so I
> wonder if Squid can help mitigate it.
>
AFAIK every connection opened or accepted by Squid does have a timeout,
though some of them are long. The mitigation is probably to reduce
request_timeout (v2+) or better the request_start_timeout (v4+).

Please bring up your research on the squid-dev mailing list so the guys
working on TLS/SSL and QA can all see it.

You may also need to update the network's congestion control algorithms
to ones that better handle RST packets.

Amos