[squid-users] HTTPS Connect requests are slow

Hi all.

I'm not an expert of Squid and I already tried googling for a solution.

I'm facing troubles with Squid (currently using 3.0PRE5 on Debian
etch, but already tried 2.6 branch) surfing on https sites (webmail and
internet banking in particular).

Surfing on those sites, ssl connections seems really slow. The browser
freeze rendering the page, which appear white but with the correct
sitename on the titlebar, or it doesn't render the page at all.

The strange behavior happens *only* with Internet Explorer (6th
release, don't know with the 7th). Firefox and Opera works well.

I really don't know what to look for, because this is my first real
world installation for a hundreds-user environment.

I attach my configuration (sorry for the long post), hoping in your help
or suggestions.

====================================
http_port 3128
icp_port 0
 htcp_port 0

acl static_content urlpath_regex -i \.(jpg|gif|png|ico|css|js|doc|pdf|mp3)$
no_cache allow static_content

 acl post_requests method POST
no_cache deny post_requests

#acl gmail urlpath_regex mail\.google\.com
 #always_direct allow gmail

#acl trenitalia urlpath_regex bankpass\.ssb\.it*trenitalia
#always_direct allow trenitalia

 hierarchy_stoplist cgi-bin ?
acl DENY urlpath_regex cgi-bin \?
no_cache deny DENY

 cache_mem 128 MB
cache_swap_low 90
 cache_swap_high 95

maximum_object_size 4096 KB
 maximum_object_size_in_memory 12 KB

 ipcache_size 512
ipcache_low 90
 ipcache_high 95

fqdncache_size 512

cache_replacement_policy lru
 memory_replacement_policy lru

cache_dir aufs /cache/cache1 1024 16 256

refresh_pattern ^ftp: 1440 20% 10080
 refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

quick_abort_min 32 KB
 quick_abort_max 128 KB
quick_abort_pct 93

acl all src 0.0.0.0/0.0.0.0

 acl manager proto cache_object

 acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443
 acl SSL_ports port 4343

 acl Safe_ports port 21 # ftp
acl Safe_ports port 80 # http
 acl Safe_ports port 443 # https

 acl CONNECT method CONNECT

 acl purge method PURGE

acl snmp_get snmp_community proxystat

acl MyNetworks src 172.28.0.0/16

 http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
http_access allow MyNetworks
http_access allow localhost
 http_access deny all

http_reply_access allow all

snmp_port 3401
snmp_access allow snmp_get localhost
snmp_access deny all

 client_db on
client_netmask 255.255.255.255
forwarded_for on

 # cache_access_log /var/log/squid3/access.log
# cache_log /var/log/squid3/cache.log
cache_store_log none
 emulate_httpd_log off
# mime_table /etc/squid/mime.conf
 # pid_filename /var/run/squid.pid
# debug_options ALL,1
 # negative_ttl 5 minutes
# range_offset_limit 0 KB
 cache_mgr root@localhost
logfile_rotate 4
 relaxed_header_parser warn

 buffered_logs on

dns_nameservers 151.99.0.100

offline_mode off

coredump_dir /var/spool/squid3

half_closed_clients off

 client_persistent_connections off

 # pipeline_prefetch off

ie_refresh on
 ====================================

-- 
Michele