Search squid archive

Re: Does squid support TLS ticket based SSL session reuse?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Let us break down the two cases:


On Thu, Jun 20, 2013 at 12:58 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 20/06/2013 6:11 p.m., Ahmed Talha Khan wrote:
>>
>> Ok lets assume that my library does support tickets. The end-server
>> also does that. Now how will squid manage those tickets?  Will it
>> simply relay the ticket coming from the origin server side to the
>> client and vice-versa?
>
>
> Depends on whether we are talking about SSL through CONNECT tunnels, or to
> an https_port. The CONNECT tunnel relays everything end-to-end from cleint
> to server and back again.

1) SSL is working through CONNECT tunnels and SSL_BUMP is configured
on it. Now squid is acting as if a direct connection was made to the
https_port. What would be the behaviour of SSL session re-use?

> The https_port terminates the client SSL at  Squid
> - it is fully independent from the server connections. Remember the server
> connection in Squid may not even be HTTPS ...

2) SSL is working directly to https_port i.e squid is terminating
HTTPS. Also my servers are guaranteed to have HTTPS backend. What will
be the behaviour of SSL session reuse in this case?

I am asking for both the conditions because I use squid in both
CONNECT and transparent mode.

>  Squid supports Gopher, WAIS,
> FTP, HTTP, and HTTPS backends.

> And HTTP multipexing means any two requests
> arriving from the client may use different server connections and/or backend
> services.

Use of different connections to the same server should not effect the
SSL reuse behaviour. That is the whole point of it. Isnt it?  Also,
two requests originally for the same server will always go to that
same server. Multiplexing could only change the connection to that
server and I pointed out earlier that it should not effect SSL session
re-use?



> Amos
>



--
Regards,
-Ahmed Talha Khan




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux