On 05/04/11 20:01, Víctor José Hernández Gómez wrote:
Dear squid users, we remember to have measured the percentage of bandwitch devoted to SSL in our squid installation, and it was about 10 percent of total traffic. SSL is not cacheable, and I think its use is increasing. I wonder if there is any experience with squid software using SSL engines (hardware devices) via openssl to get a better behaviour (that is, better perfomance) of SSL traffic.
What do you think Squid would do with such hardware? HTTPS traffic is encrypted/decrypted by the client and server. Squid just shuffles their pre-encrypted bytes to and fro.
Any other idea regarding SSL treatment would be very welcome (parameter tuning either on SO, squid, or openssl, etc..)
If Squid is peritted to see the HTTP reuqets inside the SSL they are usually as cacheable as non-SSL requests.
Please help us encourage the browser developers to make SSL links to a trusted SSL-enabled proxy and pass the requests to it. Then we can all benefit from improved HTTPS speeds.
For now the tunneling Squid perform as good as non-caching proxies. Or in situations where ssl-bump feature can be used they work slower but with cache HITs being possible.
Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.6