On 21 April 2016 at 16:48, Alex Rousskov <rouss...@measurement-factory.com> wrote:
> On 04/21/2016 07:18 AM, Odhiambo Washington wrote: > > Is is expected that using ssl_bump results into high CPU usage all the > > time? > > Your question is impossible to answer in general: The CPU usage levels > depend on the amount of Squid traffic, the portion of SSL traffic in the > overall traffic mix, the portion of step1, step2, and step3 traffic in > the SSL traffic mix, hardware resources available to Squid, the number > of Squid workers, and many other factors. > > > acl no_ssl_interception ssl::server_name ... > > ssl_bump splice no_ssl_interception > > ssl_bump peek step1 > > ssl_bump stare step2 > > The above config continues to violate the specific advice given to you > previously: > *Do not mix "peek" and "stare" unless you have a very specific need for > doing so.* > I have noted that instruction. It was actually an oversight caused by slow understanding of the terminologies. Once I have changed to what you advised before, the CPU usage has gone down considerably: acl no_ssl_interception ssl::server_name "/usr/local/etc/squid/ssl_bump_broken_sites.txt" ssl_bump splice no_ssl_interception ssl_bump stare step2 #ssl_bump bump all ssl_bump splice all So basically I should just have two options, I think, no?? Like ssl_bump stare step2 ssl_bump splice all If one day, for some reason I want to bump, then I could change to: acl no_ssl_interception ssl::server_name "/usr/local/etc/squid/ssl_bump_broken_sites.txt" ssl_bump splice no_ssl_interception ssl_bump stare step2 ssl_bump bump all Thank you so much Alex. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
