com>
Sent: Wednesday, May 3, 2017 11:54 AM
To: Alex Rousskov; squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge memory required for squid 3.5
Hi,
NO_DEFAULT_CA doesn't help. Still goes in GB. Can anyone tell me area so that i
can work on?
Regards,
Nil
_
behalf of Yuri <yvoi...@gmail.com>
> *Sent:* Wednesday, May 3, 2017 11:55 AM
> *To:* squid-users@lists.squid-cache.org
> *Subject:* Re: [squid-users] Huge memory required for squid 3.5
>
>
> How big disk cache(s) and how it full?
>
>
> 03.05.2017 17:54, Nil Nik пишет:
&g
Hi,
Its not disk cache, its due to in memory SSL context.
Nil
From: squid-users <squid-users-boun...@lists.squid-cache.org> on behalf of Yuri
<yvoi...@gmail.com>
Sent: Wednesday, May 3, 2017 11:55 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge mem
uid-users-boun...@lists.squid-cache.org> on
behalf of Alex Rousskov <rouss...@measurement-factory.com>
*Sent:* Wednesday, April 26, 2017 7:37 PM
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] Huge memory required for squid 3.5
On 04/26/2017 09:35 AM, Yuri
esday, April 26, 2017 7:37 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge memory required for squid 3.5
On 04/26/2017 09:35 AM, Yuri Voinov wrote:
> This is openssl issue or squid's?
AFAIK, the underlying issue (i.e., bug #4005) is mostly a Squid problem:
Squid
On 04/26/2017 09:35 AM, Yuri Voinov wrote:
> This is openssl issue or squid's?
AFAIK, the underlying issue (i.e., bug #4005) is mostly a Squid problem:
Squid is caching SSL contexts (instead of certificates) and does a poor
job maintaining that cache.
Earlier OpenSSL versions (that had to be
26.04.2017 21:47, Amos Jeffries пишет:
> On 27/04/17 03:35, Yuri Voinov wrote:
>> Amos, stupid question.
>>
>> Why sessions can't share CA's data cached in memory? shared_ptr invented
>> already.
>>
>> This is openssl issue or squid's?
>
> It is in OpenSSL. We use shared_ptr etc in Squid for the
On 27/04/17 03:35, Yuri Voinov wrote:
Amos, stupid question.
Why sessions can't share CA's data cached in memory? shared_ptr invented
already.
This is openssl issue or squid's?
It is in OpenSSL. We use shared_ptr etc in Squid for the things we are
responsible for.
Amos
Hi,
I have the same issue as Nil. I have set No_DEFAULT_CA and also did
"generate-host-certificates=off". I see with these changes it takes more
time reach 2GB but it does reach there (in about 6 hours for me with peak
usage).
These were my settings.
https_port 192.168.0.10:3129
On 26/04/17 10:53, Yuri Voinov wrote:
Ok, but how NO_DEFAULT_CA should help with this?
It prevents OpenSSL copying that 1MB into each incoming client
connections memory. The CAs are only useful there when you have some of
the global CAs as root for client certificates - in which case you
Ok, but how NO_DEFAULT_CA should help with this?
26.04.2017 4:29, Amos Jeffries пишет:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
Ah, shi (goes to set flag)
26.04.2017 4:29, Amos Jeffries пишет:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
>
> Since the
On 26/04/17 09:58, Yuri Voinov wrote:
Seriously? 2 Gb RAM for default CA?!
600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
All it would take is ~2000 TLS sessions.
Since the session remains cached in OpenSSL after the TCP connection is
gone ... 2GB is not that
On 25/04/17 00:40, Nil Nik wrote:
Hello,
I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB
of memory. I want to restrict this usages to maximum to 1 GB. This
high usages seems due to ssl_bump. If I change
'generate-host-certificates' to 'off' then squid usages around 800
Hello,
I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB of
memory. I want to restrict this usages to maximum to 1 GB. This high usages
seems due to ssl_bump. If I change 'generate-host-certificates' to 'off' then
squid usages around 800 MB of memory. Previously i was using
15 matches
Mail list logo