[squid-users] ssl-bump pause for 2 minutes for certain sites from Ming Fu on 2010-12-16 (squid-users)

From: Ming Fu <Ming.Fu_at_watchguard.com>
Date: Thu, 16 Dec 2010 19:45:00 +0000

Hi,

When using squid 3.1.9 and ssl-bump, access to https://www.e-secure-it.com/info.html will cause squid RESPMOD to pause for about 2 minutes when sending the body playload to the ICAP server. The payload will eventually arrive. Just can't explain what happens during the 2 minute.

Tcpdump on port 443 show that there is a pause during the end of SSL transaction with the e-secure. The time of the port 443 pause correlates to the pause of ICAP body upload. But there is no such pause when browser is direct connected to the e-secure site without squid in the middle.

Below are the tcpdumps of the traffic, note the pause happens on 13:40:45

Tcpdump snip of port 443, 10.1.19.16 is the squid box

3:38:35.047078 IP 89.184.165.228.https > 10.1.19.16.50768: . 107523:108911(1388) ack 2141 win 64944 <nop,nop,timestamp 55051709 124354221>
13:38:35.047088 IP 10.1.19.16.50768 > 89.184.165.228.https: . ack 108911 win 8154 <nop,nop,timestamp 124354317 55051709>
13:38:35.047091 IP 89.184.165.228.https > 10.1.19.16.50768: . 108911:110299(1388) ack 2141 win 64944 <nop,nop,timestamp 55051709 124354221>
13:38:35.047204 IP 10.1.19.16.50768 > 89.184.165.228.https: . ack 110299 win 8328 <nop,nop,timestamp 124354317 55051709>
13:38:35.047236 IP 89.184.165.228.https > 10.1.19.16.50768: . 110299:111687(1388) ack 2141 win 64944 <nop,nop,timestamp 55051709 124354222>
13:38:35.047392 IP 89.184.165.228.https > 10.1.19.16.50768: . 111687:113075(1388) ack 2141 win 64944 <nop,nop,timestamp 55051709 124354222>
13:38:35.047401 IP 10.1.19.16.50768 > 89.184.165.228.https: . ack 113075 win 8154 <nop,nop,timestamp 124354317 55051709>
13:38:35.047405 IP 89.184.165.228.https > 10.1.19.16.50768: P 113075:113425(350) ack 2141 win 64944 <nop,nop,timestamp 55051709 124354222>
13:38:35.148063 IP 10.1.19.16.50768 > 89.184.165.228.https: . ack 113425 win 8328 <nop,nop,timestamp 124354418 55051709>
13:40:45.414223 IP 89.184.165.228.https > 10.1.19.16.50768: R 113425:113425(0) ack 2141 win 0

Tcpdump snip of ICAP

13:38:34.954401 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 102382:102987(605) ack 1662 win 8326 <nop,nop,timestamp 124354224 1375105687>
13:38:34.954437 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 102987:104435(1448) ack 1662 win 8326 <nop,nop,timestamp 124354224 1375105687>
13:38:34.954442 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 104435:105040(605) ack 1662 win 8326 <nop,nop,timestamp 124354224 1375105687>
13:38:34.954487 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 105040:106488(1448) ack 1662 win 8326 <nop,nop,timestamp 124354224 1375105687>
13:38:34.954491 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 106488:107085(597) ack 1662 win 8326 <nop,nop,timestamp 124354224 1375105687>
13:38:34.954713 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 92117 win 8145 <nop,nop,timestamp 1375105781 124354224>
13:38:34.954870 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 92722 win 8250 <nop,nop,timestamp 1375105781 124354224>
13:38:34.955027 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 94775 win 8069 <nop,nop,timestamp 1375105781 124354224>
13:38:34.955184 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 96828 win 8069 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955341 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 98276 win 8145 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955498 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 98881 win 8250 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955503 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 100934 win 8069 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955655 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 102382 win 8145 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955812 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 102987 win 8250 <nop,nop,timestamp 1375105782 124354224>
13:38:34.955817 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 105040 win 8069 <nop,nop,timestamp 1375105782 124354224>
13:38:34.956126 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 107085 win 8070 <nop,nop,timestamp 1375105783 124354224>
13:38:35.047538 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 107085:108533(1448) ack 1662 win 8326 <nop,nop,timestamp 124354317 1375105783>
13:38:35.047543 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 108533:109138(605) ack 1662 win 8326 <nop,nop,timestamp 124354317 1375105783>
13:38:35.048036 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 108533 win 8145 <nop,nop,timestamp 1375105874 124354317>
13:38:35.048193 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 109138 win 8250 <nop,nop,timestamp 1375105874 124354317>
13:40:45.414333 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 109138:110586(1448) ack 1662 win 8326 <nop,nop,timestamp 124484684 1375105874>
13:40:45.414339 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 110586:111191(605) ack 1662 win 8326 <nop,nop,timestamp 124484684 1375105874>
13:40:45.414382 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 111191:112639(1448) ack 1662 win 8326 <nop,nop,timestamp 124484684 1375105874>
13:40:45.414387 IP 10.1.19.16.59226 > 10.1.19.25.5099: P 112639:113244(605) ack 1662 win 8326 <nop,nop,timestamp 124484684 1375105874>
13:40:45.414423 IP 10.1.19.16.59226 > 10.1.19.25.5099: . 113244:114692(1448) ack 1662 win 8326 <nop,nop,timestamp 124484684 1375105874>
13:40:45.414913 IP 10.1.19.25.5099 > 10.1.19.16.59226: . ack 110586 win 8145 <nop,nop,timestamp 1375235703 124484684>

Ming
Received on Thu Dec 16 2010 - 19:45:10 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 17 2010 - 12:00:02 MST