On 04/21/2016 07:18 AM, Odhiambo Washington wrote: > Is is expected that using ssl_bump results into high CPU usage all the > time? Your question is impossible to answer in general: The CPU usage levels depend on the amount of Squid traffic, the portion of SSL traffic in the overall traffic mix, the portion of step1, step2, and step3 traffic in the SSL traffic mix, hardware resources available to Squid, the number of Squid workers, and many other factors. > acl no_ssl_interception ssl::server_name ... > ssl_bump splice no_ssl_interception > ssl_bump peek step1 > ssl_bump stare step2 The above config continues to violate the specific advice given to you previously: Do not mix "peek" and "stare" unless you have a very specific need for doing so. > I think I read somewhere that 'ssl_bump splice all" is the default > behaviour, hence why I have commented it out. All I need is just become > a TCP tunnel without decrypting proxied traffic. "splice all" is not the default in the latest Squids. The default there is closer to something like "bump if the last step was 'stare' and splice otherwise". I do not remember what the default is in your Squid version, but, as Amos has already said, relying on _any_ default in this complex environment is the wrong approach. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
