Re: [squid-users] Squid-3.5.28 slowdown

> On 1 Mar 2019, at 9:34 pm, Enrico Heine wrote: > > >>just a shot into the dark<<, is it possible that you use the adaption > >>service for ICAP? There is an eCAP adaptation service but not ICAP, would eCAP be effected by the same condition reported the bug report you linked to? Early in t

[squid-users] Squid-3.5.28 slowdown

Hi Guys, I have a squid-3.5.28 installation that is deployed to do transparent ssl-bump of HTTPS traffic (linux bridge, tproxy). The server is not overly busy, CPU and RAM usage is low + no swap being used yet regularly the squid service is choking HTTPS traffic to a point where websites are t

[squid-users] TCP_TUNNEL and ecap

Hi All, I have an ecap adapter that amongst other things tracks response size. This works fine for HTTP and ssl-bump'd HTTPS but not for TCP_TUNNEL responses as they are not seen by the ecap adapter. I understand that in most cases adaptation of a tunnelled HTTPS response is pointless as it w

[squid-users] ssl-bump splice on unsupported ciphers

Hi All, I've read a few articles that indicate squid-3.5 and below doesn't support ssl-bump'ing ECDHE ciphers. Is this correct? If so, is it possible to create/structure acl and ssl-bump rules to splice on unsupported ciphers? I've looked through the available ACL options and doesn't seem to

Re: [squid-users] ssl_bump peek in squid-3.5.3

> On 23 Apr 2015, at 9:22 pm, James Lay wrote: > > Michael, > > Could you post your entire config here if possible? Many of us continue to > face challenges with ssl_bump and a working config would be great. Thank you. > > James My ssl_bump configuration is contained in a separate conf fil

Re: [squid-users] ssl_bump peek in squid-3.5.3

> On 23 Apr 2015, at 4:28 pm, Michael Hendrie wrote: > > >> On 23 Apr 2015, at 4:21 pm, Amos Jeffries wrote: >> >> On 23/04/2015 6:29 p.m., Michael Hendrie wrote: >>> Hi All >>> >>> I’ve been running squid-3.4.x in tproxy mode wit

Re: [squid-users] ssl_bump peek in squid-3.5.3

> On 23 Apr 2015, at 4:21 pm, Amos Jeffries wrote: > > On 23/04/2015 6:29 p.m., Michael Hendrie wrote: >> Hi All >> >> I’ve been running squid-3.4.x in tproxy mode with ssl_bump >> server-first for some time and has been working great. >> >> I hav

[squid-users] ssl_bump peek in squid-3.5.3

Hi All I’ve been running squid-3.4.x in tproxy mode with ssl_bump server-first for some time and has been working great. I have just moved to 3.5.3 to use peek to overcome some issues with sites that require SNI to serve up the correct certificate. In most cases this is work well however I se

Re: [squid-users] assertion failed: ../src/ipc/AtomicWord.h:88: "Enabled()"

On 27 Mar 2015, at 9:17 am, Dan Charlesworth mailto:d...@getbusi.com>> wrote: > > Bumping this because I think it might have gone into the black hole the other > night. > >> On 23 Mar 2015, at 5:44 pm, Dan Charlesworth > > wrote: >> >> Turns out it’s also shitting the b