
Re: Does squid support TLS ticket based SSL session reuse?


 



On 20/06/2013 5:50 p.m., Ahmed Talha Khan wrote:
> I must say that the answer has confused me more.
>
>>> Does squid support SSL session reuse? If so then is it based on the
>>> older ssl session_identifiers or the TLS ticket scheme?
>>
>> Maybe, and Unknown.
>
> What do you mean when you say unknown? Do you mean that if the origin
> server supports ssl session re-use using ticket, squid will only relay
> that ticket to the client? Or it will supply a new ticket?

Squid simply relays blocks of octets between OpenSSL and the other end of the connection. What is supported, and how it is performed, is entirely dependent on those ends - thus "maybe" about the support question. The squid.conf SSL settings just expose the library config settings, which are also passed to the library as-is during setup of the connection. What the library uses to support any given flag is entirely beyond Squid - so "unknown" about the implementation-specific question.

>>> The next question is that if it does support the session reuse, how is
>>> the session cache maintained by squid?
>>
>> Squid does not maintain an SSL session cache. Squid simply relays details to
>> and from OpenSSL. What happens in there is up to your OpenSSL library
>> configuration.
>>
>> Squid ssl_crtd and validator features maintain a cache of *certificates*
>> which have been generated or seen in the current traffic.
>
> My question was not related to certificates. I wanted to ask about ssl
> session reuse.
>
>>> Also will the session reuse functionality be available both between
>>> client-squid and squid-origin server.
>>
>> No. Client-squid and squid-origin traffic is unrelated. HTTP/1.1 contains
>> multiplexing which means any request may arrive in any client connection and
>> go out any suitable server connection.
>
> What I meant to ask was whether squid offers the ssl session re-use
> capability on the client side?

Squid uses the same SSL context structure created by the library to initialize all new client connections. The library may, or may not, support session re-use (may or may not support "session" at all even). This is simply outside of Squid.

Amos
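Since, as the reply above explains, session reuse is decided inside OpenSSL rather than by Squid, the practical way to answer the original question for a given deployment is to observe the endpoint from the outside. The script below is an added example for this thread, not code from the Squid project or from either poster. It assumes the `openssl` command-line tool is installed, and that the host:port it is given (Squid's https_port, or the origin server Squid connects to) is supplied by whoever runs it; no real host is built in.

```sh
#!/bin/sh
# Added example, not Squid code: observe from the outside whether a TLS
# endpoint (Squid's https_port, or an origin Squid connects to) resumes
# sessions, and whether its first handshake issued a session ticket.
# Assumes the `openssl` command-line tool is on PATH; the host:port is
# supplied by the caller (hypothetical, e.g. proxy.example.test:443).

# Prints "ticket" if the server handed out a session ticket on a fresh
# handshake (a TLS 1.2 NewSessionTicket inside the handshake, or a TLS 1.3
# post-handshake ticket), otherwise "no-ticket": any resumption would then
# depend on the server-side session-ID cache that OpenSSL, not Squid, keeps.
ticket_issued() {
  out="$(openssl s_client -connect "$1" </dev/null 2>/dev/null)" || true
  case "$out" in
    *"TLS session ticket:"*|*"New Session Ticket arrived"*) echo ticket ;;
    *) echo no-ticket ;;
  esac
}

# Saves the session from one handshake and presents it on a second
# connection. Prints "reused" if the server resumed it, "new" if it ran a
# full handshake anyway, and "unknown" if no session could be saved or the
# connection failed.
resumed_on_reconnect() {
  sess="$(mktemp)"
  openssl s_client -connect "$1" -sess_out "$sess" </dev/null >/dev/null 2>&1 || true
  out="$(openssl s_client -connect "$1" -sess_in "$sess" </dev/null 2>/dev/null)" || true
  rm -f "$sess"
  case "$out" in
    *"Reused, "*) echo reused ;;
    *"New, "*)    echo new ;;
    *)            echo unknown ;;
  esac
}

# Usage: sh tls_resumption_check.sh host:port
if [ -n "$1" ]; then
  echo "ticket on first handshake: $(ticket_issued "$1")"
  echo "resumed on reconnect:      $(resumed_on_reconnect "$1")"
fi
```

Run it against Squid's https_port and against the origin separately: the two TLS connections are independent, so a "ticket"/"reused" result on one side says nothing about the other. Pinning the version on the client (`-tls1_2` or `-tls1_3` added to the `s_client` calls) tells you which mechanism is in play, since in TLS 1.2 the ticket is an extension carried inside the handshake while in TLS 1.3 it arrives after the handshake as a PSK.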



