On 06/12/2014 10:06 PM, Guy Helmer wrote:
https_port 3129 intercept ssl-bump connection-auth=off 
generate-host-certificates=on dynamic_cert_mem_cache_size=8MB 
cert=/etc/squid/ssl/squid.pem key=/etc/squid/ssl/squid.key 
sslflags=DELAYED_AUTH 
cipher=ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-CAMELLIA128-SHA:AES128-SHA:RC4-SHA:HIGH:!aNULL:!MD5:!ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/squid_ssl_db -M 8MB
sslcrtd_children 50 startup=5 idle=1
ssl_bump server-first all
ssl_bump none localhost

First, 8MB of cache for ssl_crtd is not that much... especially for 1000 users.
Take a look at these settings:
http://www1.ngtech.co.il/paste/1133/
It seems to me like you are having some kind of loop there.
Why do you use 3.HEAD and not a more stable version?
Try 3.3.12 or 3.4.5.
You can try my CentOS RPM packages, which are working fine for all users until now and are considered the stable versions of squid.

A question:
What are the iptables rules?
What are the LAN segments?
Is this squid instance also your gateway?

Eliezer