I will put the splice explicitly and observe. Without ssl_bump I never saw such cpu usage with squid.
However, lemme watch and also listen to feedback.. On 21 April 2016 at 16:34, Amos Jeffries <squ...@treenet.co.nz> wrote: > On 22/04/2016 1:18 a.m., Odhiambo Washington wrote: > > Is is expected that using ssl_bump results into high CPU usage all the > > time? > > > > Encryption adds CPU overhead, but how much depends on what your normal > use was. I dont think any of us have a good rule-of-thumb or educated > guess yet because Squid code has been changing so much. > > If its worrying you, I suggest trying your favourite profiling tools out > and see if anything useful shows up. > > > > This is squid-3.5.17 > > > > That is what I am seeing: > > > > last pid: 26673; load averages: 2.24, 2.00, 2.10 > > > > up 0+03:47:56 16:08:30 > > 160 processes: 2 running, 157 sleeping, 1 zombie > > CPU: 86.1% user, 0.0% nice, 7.8% system, 3.3% interrupt, 2.7% idle > > Mem: 843M Active, 1942M Inact, 185M Wired, 43M Cache, 89M Buf, 97M Free > > Swap: 5900M Total, 1248K Used, 5899M Free > > > > PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU > > COMMAND > > 13309 squid 17 20 0 305M 264M uwait 0 7:38 80.86% > > squid > > 26088 squid 1 21 0 12812K 5352K sbwait 1 0:04 2.49% > > ssl_crtd > > 26090 squid 1 20 0 12812K 5272K sbwait 1 0:01 0.88% > > ssl_crtd > > > > > > My config has: > > > > > > > > acl no_ssl_interception ssl::server_name > > "/usr/local/etc/squid/ssl_bump_broken_sites.txt" > > ssl_bump splice no_ssl_interception > > ssl_bump peek step1 > > ssl_bump stare step2 > > #ssl_bump bump all > > #ssl_bump splice all > > > > I think I read somewhere that 'ssl_bump splice all" is the default > > behaviour, hence why I have commented it out. All I need is just become a > > TCP tunnel without decrypting proxied traffic. > > I wouldn't rely on the default for things like this. Squid makes a > *guess* based on what data it has to work with on a per-connection > basis. There is no extra cost to having it configured, Squid has to > check the whole set anyway. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users