Slow TLS authentications with Squid

bobtskutter · October 1, 2018, 9:29am

@m.traeumner thanks.
The reason I’m asking is because I’m seeing slow TLS authentications with Squid and Transparent SSL proxy. I note that squid does its own DNS lookup and attempts a lookup with IPV6 before IPV4. I’ve added the option dns_v4_first on to squid.conf and that’s improved things a little, but the best performance is when the transparent SSL proxy is disabled. It’s not causing me problems, it’s just a little annoying waiting for the browser session to authenticate with the remote host.
Regards
Bob

m.traeumner · October 1, 2018, 9:48am

@davidep
Are there new plans about it?

davidep · October 1, 2018, 11:43am

AFAIK still no plans for ipv6 on ns7, anyway the issue could be on squid configuration. @giacomo?

giacomo · October 1, 2018, 11:58am

This the first time someone reports such behavior.
Maybe you can try also changing the upstream DNS.
We currently use 1.1.1.1 and 1.0.0.1.

Otherwise a template-custom with the dns_v4_first option can be a workable solution for your installation.

If the problem will affect other users we can add the above option to the package.