Let us break down the two cases:

On Thu, Jun 20, 2013 at 12:58 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 20/06/2013 6:11 p.m., Ahmed Talha Khan wrote:
>>
>> Ok, let's assume that my library does support tickets. The end-server
>> also does that. Now how will squid manage those tickets? Will it
>> simply relay the ticket coming from the origin server side to the
>> client and vice-versa?
>
>
> Depends on whether we are talking about SSL through CONNECT tunnels, or to
> an https_port. The CONNECT tunnel relays everything end-to-end from client
> to server and back again.

1) SSL is working through CONNECT tunnels and SSL_BUMP is configured on it. Now squid is acting as if a direct connection was made to the https_port. What would be the behaviour of SSL session re-use?

> The https_port terminates the client SSL at Squid
> - it is fully independent from the server connections. Remember the server
> connection in Squid may not even be HTTPS ...

2) SSL is working directly to https_port, i.e. squid is terminating HTTPS. Also my servers are guaranteed to have HTTPS backend. What will be the behaviour of SSL session reuse in this case?

I am asking for both the conditions because I use squid in both CONNECT and transparent mode.

> Squid supports Gopher, WAIS,
> FTP, HTTP, and HTTPS backends.
> And HTTP multiplexing means any two requests
> arriving from the client may use different server connections and/or backend
> services.

Use of different connections to the same server should not affect the SSL reuse behaviour. That is the whole point of it. Isn't it?

Also, two requests originally for the same server will always go to that same server. Multiplexing could only change the connection to that server and I pointed out earlier that it should not affect SSL session re-use?

> Amos
>

--
Regards,
-Ahmed Talha Khan