Search squid archive

Re: Newbie question - Why use SSL Bumping?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 18/03/2014 8:27 a.m., Rafael Akchurin wrote:
> To filter the contents of HTTPS . E.g. enforce YouTune Safe Search on all your devices, etc.

* malware scanning.

* bandwidth reduction from caching of HTTPS objects same as HTTP ones
(though separately). HIT ratio for HTTPS is smaller than for HTTP these
days but still significantly non-zero.


* performance optimization from reducing TLS load on the backend servers.

One of the big benefits of caching in HTTP that is being ignored by the
"TLS everywhere" crowd with their apparent hatred of middleware, is that
middleware caches soak up a significant amount of DDoS traffic in HTTP.

The stats from Wikipedia a few years back showed that over 95% of the
client traffic was being served from their Squid farm as a baseline and
up to 100% when DoS or suddenly popular pages happened. That was the
one-sided caching benefit from Wikipedias' own reverse-proxy *after* the
ISP hosted forward-proxies around the world had already soaked up a
large portion of the traffic.
 HTTP caching is a cooperative effort between browser caches, ISP
forward proxies and CDN reverse-proxies to reduce the total bandwidth
load placed on the Internet cables, routers, servers. The way HTTPS is
designed to operate the only option those ISP have to reduce the traffic
and costs in their section of the Interpet is to SSL-bump or to start
limiting their users traffic far more than thay already do in most places.

Amos

> 
> Best regards,
> Raf
> 
> -----Original Message-----
> From: Derek Jones
> 
> Hi,
> 
> What is the point of adding ssl bumping to your configuration in squid? I've got squid configured without ssl bumping and I can make https connections just fine. Why would anyone need to use the ssl bumping feature?
> 
> Thanks,
> Derek
> 





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux