On 15/12/2016 6:24 a.m., noc@xxxxxxxxxxxxx wrote: > Eliezer, thanks for your reply. Guides: > http://wiki.squid-cache.org/Features/SslBump > http://wiki.squid-cache.org/Features/SslPeekAndSplice > https://habrahabr.ru/post/267851/ <-- Russian lang > https://habrahabr.ru/post/272733/ <-- Russian lang > >> First goes first change this: 13130: > Done, nothing changed. Squid died. > > Maby it will be work fine whith lower load even with https. But I don't > understand, why it killed by a kernel rather than just update memory by new > one. > > http://wiki.squid-cache.org/Features/SslBump >> Memory usage >> >> /!\ Warning: Unlike the rest of this page at the time of writing, this > section applies to Squid-3.3 and possibly later code capable of dynamic SSL > certificate generation and origin server certificate mimicking. The current > section text is intended primarily for developers and early adopters facing > excessive memory consumption in certain SslBump environments. These notes > may be relocated elsewhere if a better location is found. >> >> Current documentation is specific to bump-server-first configurations. > > In attach server statistic. > I think you still have a forwarding loop. Does the cisco WCCP send port 443 connections from Squid to reach the Internet instead of sending them back into Squid. The Via header will protect against HTTP messages looping, but the TLS handshake traffic has no such protection. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users