Re: [squid-users] Issues with ssl-bump in 3.HEAD

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Fri, 13 Jun 2014 01:43:02 +0300

On 06/12/2014 10:06 PM, Guy Helmer wrote:
> https_port 3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=8MB cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key sslflags=DELAYED_AUTH cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
>>sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
>>sslcrtd_children 50 startup=5 idle=1
>>ssl_bump server-first all
>>ssl_bump none localhost
First, 8MB of cache for ssl_crtd is not that much... especially for 1000
users.
Take a look at these settings:
http://www1.ngtech.co.il/paste/1133/
It seems to me like you are having some kind of loop there.
Why do you use 3.HEAD and not a more stable version?
Try 3.3.12 or 3.4.5.
You can try my CentOS RPM packages, which have been working fine for all users
until now and are considered the stable version of squid.

A question:
What are the iptables rules?
What are the LAN segments?
Is this squid instance also your gateway?

Eliezer
Received on Thu Jun 12 2014 - 22:45:10 MDT
