On 28/12/2011 12:44 p.m., someone wrote:
Allright, many of you know me here from some of my previous posts, and Im sure if I went a googling Id find answers to my questions but hey, why, when im subscribed to the squid-cache users mailing list~ hehe. Well anyway, ive never used squid for ssl/https:443 before and noticed one of my clients playing a lot of that farmville crap on facebook, sometimes uses ssl, and farmville uses a considerable ammount of bandwidth. I wanna intercept all of that wasted redownloads so, since farmville seems to be using https more, my clients arent getting the benefit of my squid cache :(, welp now its time to enable ssl "bump" or w/e they call it in squid. ok, as I understand squid must be compiled to cache ssl http content? Because im using a vanilla version that ships with debian squeeze. see below.
On Debian yes, it must be re-compiled with --enable-ssl. The Debian policy has problems with the way Squid (GPLv2+) and OpenSSL (proprietary) licenses combine.
One day someone will get around to adding GNUTLS support and the SSL problem will go away. So far nobody has supplied patches for it. There are both a debian and Squid project bugs about GNUTLS if you want to subscribe for notice when that happens.
Amos
