Search squid archive

Re: SSL traffic

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/04/11 20:01, Víctor José Hernández Gómez wrote:
Dear squid users,

we remember to have measured the percentage of bandwitch devoted to SSL
in our squid installation, and it was about 10 percent of total traffic.

SSL is not cacheable, and I think its use is increasing. I wonder if
there is any experience with squid software using SSL engines (hardware
devices) via openssl to get a better behaviour (that is, better
perfomance) of SSL traffic.

What do you think Squid would do with such hardware? HTTPS traffic is encrypted/decrypted by the client and server. Squid just shuffles their pre-encrypted bytes to and fro.


Any other idea regarding SSL treatment would be very welcome (parameter
tuning either on SO, squid, or openssl, etc..)

If Squid is peritted to see the HTTP reuqets inside the SSL they are usually as cacheable as non-SSL requests.

Please help us encourage the browser developers to make SSL links to a trusted SSL-enabled proxy and pass the requests to it. Then we can all benefit from improved HTTPS speeds.


For now the tunneling Squid perform as good as non-caching proxies. Or in situations where ssl-bump feature can be used they work slower but with cache HITs being possible.

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.6


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux