Hey Alex, I am unsure about the reason of breakage of these sites since I have never used squid SSL-BUMP else then compiling it yet. Claiming it's a specific version of OpenSSL is quite a claim. If you have tried with another version I would say you can claim it. I would say that breaking any full duplex protocol is always seems like a bad idea to me. I have seen other systems that *breaks* and bump ssl connections like gmail and other sites. And since I have seen other software *results* I would say the reason is probably not OpenSSl directly but I cannot prove it yet. I do hope that you can give examples to sites that do not play well with SSLBump so I and others can test it. If we test we can try to fix and debug it. Please take your time and give a list of sites that can be tested which are not banks or money originations to make sure that the root and source of the problem with SSL-BUMP is one way or another solvable. If you can take a sec to file at http://bugs.squid-cache.org/ it will help the project a lot. Thanks, Eliezer On 07/11/2013 10:39 PM, Alex Crow wrote: > Hi Eliezer, > > I build .debs for squeeze, basically copying the debian subdir from the > source packages into the extracted archives and adjusting accordingly > (ie modifying Changelog and deleteting old patches) I tried wheezy but > the OpenSSL 1.0.1 horribly breaks *loads* of sites when using SSLBump. > > Cheers > > Alex > > > > On 11/07/13 20:30, Eliezer Croitoru wrote: >> Squid 3.3.7 is out and there was a new leak that was fixed and might >> caused the problem you are referring to. >> >> If you have used my RPM there is an update to 3.3.6 which not includes >> the latest patches and a 3.3.7 with all the patches will probably be out >> next week since it builds fine. >> What version of linux are you using? >> >> Eliezer >> >> On 07/11/2013 08:32 PM, Alex Crow wrote: >>> Hi all, >>> >>> I've been running 3.3.5 with NTLM auth an icap service (c-icap with >>> clamav) and SSL Bump/Dynamic cert, and I've noticed that the squid3 >>> process rapidly consumes almost all of my RAM (12G) within just a few >>> hours: >>> >>> 16143 proxy 20 0 8554m 8.2g 5788 S 0 69.6 35:09.43 squid3 >>> >>> My cache_mem is 4GB, and my disk cache is 48GB, which should, according >>> to estimates, use between 4.5 and 5.5G. (We only have about 350 users). >>> >>> We were quite happily using 3.2.11 with the same parameters. Has anyone >>> else noticed very high memory usage with Squid 3.3.x in a similar setup? >>> >>> Thanks >>> >>> Alex >
