Hi there I was reading this list about the issue with google.com and was playing around - and I used telnet to connect directly to the intercept ssl-bump port. End result was squid immediately went to 99% CPU, and the cache.log started reporting WARNING! Your cache is running out of filedescriptors WARNING! Your cache is running out of filedescriptors WARNING! Your cache is running out of filedescriptors The box staggered to it's knees, so I had to kill squid. Restarted it and everything is fine - until I do that again. If I let the network redirecting work (ie make outbound port 443 connections), this doesn't happen - it's only if I directly connect to the intercept port I have my "http_port intercept" and "https_port intercept" set identically (except for the ssl stuff of course), and yet if I telnet to the http_port set to intercept, this does NOT happen - it works fine... Any ideas where I should look to see what's causing the grief? This is squid-3.4.9. "127.0.0.1" is in /etc/squid/SSL_noIntercept_sites.txt, but not the ethernet IP nor hostname of the proxy if that matters. #egrep '^(https?_port|ssl)|SSL_nonHTTPS|SSL_noInter' /etc/squid/squid.conf http_port 3128 http_port 3126 ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL http_port 3129 intercept https_port 3127 intercept ssl-bump cert=/etc/squid/squid-CA.cert capath=/etc/ssl/certs/ generate-host-certificates=on dynamic_cert_mem_cache_size=256MB options=ALL sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB sslcrtd_children 32 startup=5 idle=1 acl SSL_nonHTTPS_sites dstdom_regex "/etc/squid/SSL_nonHTTPS_sites.txt" acl SSL_noIntercept_sites dstdom_regex "/etc/squid/SSL_noIntercept_sites.txt" ssl_bump none SSL_nonHTTPS_sites ssl_bump none SSL_noIntercept_sites ssl_bump server-first all sslproxy_cert_error allow SSL_nonHTTPS_sites sslproxy_cert_error allow all -- Cheers Jason Haar Corporate Information Security Manager, Trimble Navigation Ltd. Phone: +1 408 481 8171 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users