On 12/02/2016 11:04 p.m., Yuri Voinov wrote: > Hi gents. > > Does anybody meet this issue? > > This one: > > ssl_bump peek step1 > ssl_bump splice disable-ssl-bump > ssl_bump stare step2 > ssl_bump bump all > > always lead to much records in cache.log: > > 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 25 > 2016/02/12 15:59:40 kid1| hold write on SSL connection on FD 85 > 2016/02/12 15:59:47 kid1| hold write on SSL connection on FD 26 > 2016/02/12 15:59:52 kid1| hold write on SSL connection on FD 26 > 2016/02/12 15:59:53 kid1| hold write on SSL connection on FD 10 > > and, then, ran out of filedescriptors soon. > > Note: This is independent from OS/platform/Squid's version. Either 3.5 > or 4.0 - both demonstrate this behaviour. > > If I remove stare rule - issue is gone. But - of course, stare is gone too. > > Question. > > What is this? Bug, feature, by stupid configuration? You know what "stare" does right? Squid sends its ClientHello to the server and puts a "hold" on recieving more TLS data from the client until the upstream server has responded. Then waits for the ServerHello, ... and waits, ... It sounds like yours is waiting a very long time. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
