On 07/02/18 19:34, minh hưng đỗ hoàng wrote: > Dear all, i use squid 3.5.20 on ubuntu14 in TPROXY mode. > With basic config in squid.conf, but squid is run out of my server's memory. > Here is my configure option : ... > > https_port 3130 tproxy ssl-bump generate-host-certificates=on > dynamic_cert_mem_cache_size=4MB > cert=/etc/squid/ssl/e1f19c0494badc8dc14e8c4c56a8b97a.dyn Please add sslflags=NO_DEFAULT_CA to the above config line. That should reduce the memory usage a lot. If the problems remains please try: a) removing that patch. It makes your Squid vulnerable to the worst security issues Squid has faced this century. (One of the MANY effects of that vulnerability is ability of remote attackers to consume large amounts of your network resources without any traceability or visibility.) b) upgrade to Squid-4. The version is still in beta due to a few issues, but overall MUCH better for SSL-Bump than Squid-3. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
