Amos, stupid question. Why sessions can't share CA's data cached in memory? shared_ptr invented already. This is openssl issue or squid's? 26.04.2017 9:08, Amos Jeffries пишет: > On 26/04/17 10:53, Yuri Voinov wrote: >> Ok, but how NO_DEFAULT_CA should help with this? > > It prevents OpenSSL copying that 1MB into each incoming client > connections memory. The CAs are only useful there when you have some > of the global CAs as root for client certificates - in which case you > still only want to trust the roots you paid for service and not all of > them. > > Just something to try if there are huge memory issues with TLS/SSL > proxying. The default behaviour is fixed for Squid-4 with the config > options changes. But due to being a major surprise for anyone already > relying on global roots for client certs it remains a problem in 3.5. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -- Bugs to the Future
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
