[squid-users] SSL intercept in explicit mode
Eliezer Croitoru
eliezer at ngtech.co.il
Tue Mar 13 22:35:20 UTC 2018
Thank Yuri!!
I believe that this post is milestone in for the SSL-BUMP feature.
Now the only thing left regarding weird memory leaks is to compare with these technical details:
3.5.27
4.0.24
5.0.0_alpha\head
I cannot test and compare it myself due to the lack of time and CPU but I believe that it will help to clear some doubts about stability of the above versions.
All The Bests and Thanks,
Eliezer
----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer at ngtech.co.il
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Yuri
Sent: Tuesday, March 13, 2018 19:45
To: Aaron Turner <synfinatic at gmail.com>
Cc: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SSL intercept in explicit mode
AFAIK,
SSL bump subsystem uses OpenSSL memory routines. So, first of all, most probably leaks (if any) can be OpenSSL-related, but not squid itself.
Now let's see your config snippets.
13.03.2018 23:00, Aaron Turner пишет:
"Usually misconfiguration leads to memory overhead."
This may be true, but if you look in the list archives a few months
ago I basically chased my tail in circles and nobody could tell me
what I was doing wrong and so many of the docs are so old that they're
worse then useless, they seem to suggest the wrong thing.
It was literally leaking GB's worth of RAM. I even disabled all
caching and process sizes were growing into the GB's. Turn off
ssl-bump and the leak went away.
This is what I was using:
<SNIP>
"C++ seems like a language suitable for firing other people's legs."
*****************************
* C++20 : Bug to the future *
*****************************
More information about the squid-users
mailing list