Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Amos Jeffries
On 26/04/17 10:53, Yuri Voinov wrote:
> Ok, but how NO_DEFAULT_CA should help with this?

It prevents OpenSSL copying that 1MB into each incoming client connection's memory. The CAs are only useful there when you have some of the global CAs as root for client certificates - in which case you stil

Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Yuri Voinov
Ok, but how NO_DEFAULT_CA should help with this?

26.04.2017 4:29, Amos Jeffries wrote:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
>

Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Yuri Voinov
Ah, shi (goes to set flag)

26.04.2017 4:29, Amos Jeffries wrote:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
>
> Since the s

Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Amos Jeffries
On 26/04/17 09:58, Yuri Voinov wrote:
> Seriously? 2 Gb RAM for default CA?!

600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB

All it would take is ~2000 TLS sessions.

Since the session remains cached in OpenSSL after the TCP connection is gone ... 2GB is not that much.

Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Yuri Voinov
Seriously? 2 Gb RAM for default CA?!

25.04.2017 20:45, Amos Jeffries wrote:
> On 25/04/17 00:40, Nil Nik wrote:
>> Hello,
>>
>> I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB of memory. I want to restrict this usage to a maximum of 1 GB. This high usage seems due to s

Re: [squid-users] Huge memory required for squid 3.5

2017-04-25 Thread Amos Jeffries
On 25/04/17 00:40, Nil Nik wrote:
> Hello,
>
> I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB of memory. I want to restrict this usage to a maximum of 1 GB. This high usage seems due to ssl_bump. If I change 'generate-host-certificates' to 'off' then squid usages around 800 M

Re: [squid-users] Cache peer selection with duplicate host names

2017-04-25 Thread Alex Rousskov
On 04/23/2017 08:57 PM, Amos Jeffries wrote:
> When the forwarding logic looks for an open persistent connection for the Student IP:port it might get handed the existing Staff connection

FWIW, this behavior is a Squid bug: Since a peer has several traffic-affecting properties besides its addr