quid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge memory required for squid 3.5
Hi,
NO_DEFAULT_CA doesn't help. Still goes in GB. Can anyone tell me area so that i
can work on?
Regards,
Nil
From: squid-users on behalf of Alex
Rousskov
Sent: Wedn
1:55 AM
> *To:* squid-users@lists.squid-cache.org
> *Subject:* Re: [squid-users] Huge memory required for squid 3.5
>
>
> How big disk cache(s) and how it full?
>
>
> 03.05.2017 17:54, Nil Nik пишет:
>> Hi,
>>
>>
>> NO_DEFAULT_CA doesn't help. Sti
Hi,
Its not disk cache, its due to in memory SSL context.
Nil
From: squid-users on behalf of Yuri
Sent: Wednesday, May 3, 2017 11:55 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Huge memory required for squid 3.5
How big disk cache(s) and how it full?
03.05.2017
s on
behalf of Alex Rousskov
*Sent:* Wednesday, April 26, 2017 7:37 PM
*To:* squid-users@lists.squid-cache.org
*Subject:* Re: [squid-users] Huge memory required for squid 3.5
On 04/26/2017 09:35 AM, Yuri Voinov wrote:
> This is openssl issue or squid's?
AFAIK, the underlying issue (i.e.,
squid-users] Huge memory required for squid 3.5
On 04/26/2017 09:35 AM, Yuri Voinov wrote:
> This is openssl issue or squid's?
AFAIK, the underlying issue (i.e., bug #4005) is mostly a Squid problem:
Squid is caching SSL contexts (instead of certificates) and does a poor
job maintaini
On 04/26/2017 09:35 AM, Yuri Voinov wrote:
> This is openssl issue or squid's?
AFAIK, the underlying issue (i.e., bug #4005) is mostly a Squid problem:
Squid is caching SSL contexts (instead of certificates) and does a poor
job maintaining that cache.
Earlier OpenSSL versions (that had to be use
26.04.2017 21:47, Amos Jeffries пишет:
> On 27/04/17 03:35, Yuri Voinov wrote:
>> Amos, stupid question.
>>
>> Why sessions can't share CA's data cached in memory? shared_ptr invented
>> already.
>>
>> This is openssl issue or squid's?
>
> It is in OpenSSL. We use shared_ptr etc in Squid for the
On 27/04/17 03:35, Yuri Voinov wrote:
Amos, stupid question.
Why sessions can't share CA's data cached in memory? shared_ptr invented
already.
This is openssl issue or squid's?
It is in OpenSSL. We use shared_ptr etc in Squid for the things we are
responsible for.
Amos
___
Amos, stupid question.
Why sessions can't share CA's data cached in memory? shared_ptr invented
already.
This is openssl issue or squid's?
26.04.2017 9:08, Amos Jeffries пишет:
> On 26/04/17 10:53, Yuri Voinov wrote:
>> Ok, but how NO_DEFAULT_CA should help with this?
>
> It prevents OpenSSL co
Hi,
I have the same issue as Nil. I have set No_DEFAULT_CA and also did
"generate-host-certificates=off". I see with these changes it takes more
time reach 2GB but it does reach there (in about 6 hours for me with peak
usage).
These were my settings.
https_port 192.168.0.10:3129 generate-host-c
On 26/04/17 10:53, Yuri Voinov wrote:
Ok, but how NO_DEFAULT_CA should help with this?
It prevents OpenSSL copying that 1MB into each incoming client
connections memory. The CAs are only useful there when you have some of
the global CAs as root for client certificates - in which case you stil
Ok, but how NO_DEFAULT_CA should help with this?
26.04.2017 4:29, Amos Jeffries пишет:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
>
Ah, shi (goes to set flag)
26.04.2017 4:29, Amos Jeffries пишет:
> On 26/04/17 09:58, Yuri Voinov wrote:
>>
>> Seriously? 2 Gb RAM for default CA?!
>>
>>
>
> 600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
>
> All it would take is ~2000 TLS sessions.
>
> Since the s
On 26/04/17 09:58, Yuri Voinov wrote:
Seriously? 2 Gb RAM for default CA?!
600 (number of default CAs) x 2048 (minimum size of CA cert) -> ~1 MB
All it would take is ~2000 TLS sessions.
Since the session remains cached in OpenSSL after the TCP connection is
gone ... 2GB is not that much.
Seriously? 2 Gb RAM for default CA?!
25.04.2017 20:45, Amos Jeffries пишет:
> On 25/04/17 00:40, Nil Nik wrote:
>> Hello,
>>
>> I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB
>> of memory. I want to restrict this usages to maximum to 1 GB. This
>> high usages seems due to s
On 25/04/17 00:40, Nil Nik wrote:
Hello,
I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB
of memory. I want to restrict this usages to maximum to 1 GB. This
high usages seems due to ssl_bump. If I change
'generate-host-certificates' to 'off' then squid usages around 800 M
Hello,
I am using squid 3.5.23, with heavy HTTPS load squid using almost 2GB of
memory. I want to restrict this usages to maximum to 1 GB. This high usages
seems due to ssl_bump. If I change 'generate-host-certificates' to 'off' then
squid usages around 800 MB of memory. Previously i was using
17 matches
Mail list logo
