Hey Alex,
I am unsure about the reason of breakage of these sites since I have
never used squid SSL-BUMP else then compiling it yet.
Claiming it's a specific version of OpenSSL is quite a claim.
If you have tried with another version I would say you can claim it.
I would say that breaking any full duplex protocol is always seems like
a bad idea to me.
I have seen other systems that *breaks* and bump ssl connections like
gmail and other sites.
And since I have seen other software *results* I would say the reason is
probably not OpenSSl directly but I cannot prove it yet.
I do hope that you can give examples to sites that do not play well with
SSLBump so I and others can test it.
If we test we can try to fix and debug it.
Please take your time and give a list of sites that can be tested which
are not banks or money originations to make sure that the root and
source of the problem with SSL-BUMP is one way or another solvable.
If you can take a sec to file at http://bugs.squid-cache.org/ it will
help the project a lot.
Thanks,
Eliezer
On 07/11/2013 10:39 PM, Alex Crow wrote:
> Hi Eliezer,
>
> I build .debs for squeeze, basically copying the debian subdir from the
> source packages into the extracted archives and adjusting accordingly
> (ie modifying Changelog and deleteting old patches) I tried wheezy but
> the OpenSSL 1.0.1 horribly breaks *loads* of sites when using SSLBump.
>
> Cheers
>
> Alex
>
>
>
> On 11/07/13 20:30, Eliezer Croitoru wrote:
>> Squid 3.3.7 is out and there was a new leak that was fixed and might
>> caused the problem you are referring to.
>>
>> If you have used my RPM there is an update to 3.3.6 which not includes
>> the latest patches and a 3.3.7 with all the patches will probably be out
>> next week since it builds fine.
>> What version of linux are you using?
>>
>> Eliezer
>>
>> On 07/11/2013 08:32 PM, Alex Crow wrote:
>>> Hi all,
>>>
>>> I've been running 3.3.5 with NTLM auth an icap service (c-icap with
>>> clamav) and SSL Bump/Dynamic cert, and I've noticed that the squid3
>>> process rapidly consumes almost all of my RAM (12G) within just a few
>>> hours:
>>>
>>> 16143 proxy 20 0 8554m 8.2g 5788 S 0 69.6 35:09.43 squid3
>>>
>>> My cache_mem is 4GB, and my disk cache is 48GB, which should, according
>>> to estimates, use between 4.5 and 5.5G. (We only have about 350 users).
>>>
>>> We were quite happily using 3.2.11 with the same parameters. Has anyone
>>> else noticed very high memory usage with Squid 3.3.x in a similar setup?
>>>
>>> Thanks
>>>
>>> Alex
>
Received on Thu Jul 11 2013 - 20:04:30 MDT
This archive was generated by hypermail 2.2.0 : Fri Jul 12 2013 - 12:00:12 MDT