
Poor SSL performance with 2.6


Dear all,

I am using Squid as a forward proxy. Download speeds through the proxy
to the internet, and internal webservers, are fine.

However, when forwarding SSL traffic to the same internal servers, the
performance is very, very poor. The even stranger thing is that it seems
to affect uploads through the proxy far more than downloads.

I appreciate that one's first reaction is to check for network problems
or indeed check for issues with the upstream SSL server. However, the
performance is *far* better when connecting from the outside world (and
therefore not going through our proxy). 

Worse, if I bring up a web browser on the proxy, and go straight to the
SSL site, performance for an upload is excellent (e.g. 35Mb file in 2
seconds). If I go through the internal loopback interface of the server,
performance is again excellent (35Mb file in 3 seconds).

If I then configure the browser to go through the adapter connection of
the proxy, the performance is then poor (45 seconds). Worse still, if I
connect from a client machine (connected at gigabit through a gigabit
switch) then performance is dreadful (3 minutes). 

At this stage, I do not believe that there is anything wrong with any of
the networking equipment, having changed most of it. 

I have tried modifying Squid's persistent connections stuff, without any
effect.

A wire trace between Squid and the client shows a long response time
from Squid (85ms) and, after each delay, a 64-byte ACK frame back from
Squid after every client packet.

Squid's cachemgr output shows page faults as 0, low CPU usage (average
4%) but high select loop time of 120ms. Trying different client software
(Firefox instead of IE) shows no difference. Whilst the uploads are in
progress, Squid's CPU averages again 3 to 5%.

There is still some possibility that there is some kind of network,
adapter or adapter driver issue, but can anyone think of why Squid
should be far slower from connected clients, than going through its
loopback address, for **SSL traffic?** Non-SSL traffic is **fine**. A
much older version of Squid, 2.3 Stable 4, is also **fine**.

I am using Squid 2.6 Stable 14, with select loop (as it's the only option
for my OS) and 8192 file descriptors. The operating system is set with
selective ACK on and all the usual BSD-style defaults. The OS itself is
eCS 1.2R (EMX). 

Thank you for any thoughts you may have!

Regards,
Stephen

The HENLEY College

www.henleycol.ac.uk

