On 18/03/2014 8:27 a.m., Rafael Akchurin wrote: > To filter the contents of HTTPS . E.g. enforce YouTune Safe Search on all your devices, etc. * malware scanning. * bandwidth reduction from caching of HTTPS objects same as HTTP ones (though separately). HIT ratio for HTTPS is smaller than for HTTP these days but still significantly non-zero. * performance optimization from reducing TLS load on the backend servers. One of the big benefits of caching in HTTP that is being ignored by the "TLS everywhere" crowd with their apparent hatred of middleware, is that middleware caches soak up a significant amount of DDoS traffic in HTTP. The stats from Wikipedia a few years back showed that over 95% of the client traffic was being served from their Squid farm as a baseline and up to 100% when DoS or suddenly popular pages happened. That was the one-sided caching benefit from Wikipedias' own reverse-proxy *after* the ISP hosted forward-proxies around the world had already soaked up a large portion of the traffic. HTTP caching is a cooperative effort between browser caches, ISP forward proxies and CDN reverse-proxies to reduce the total bandwidth load placed on the Internet cables, routers, servers. The way HTTPS is designed to operate the only option those ISP have to reduce the traffic and costs in their section of the Interpet is to SSL-bump or to start limiting their users traffic far more than thay already do in most places. Amos > > Best regards, > Raf > > -----Original Message----- > From: Derek Jones > > Hi, > > What is the point of adding ssl bumping to your configuration in squid? I've got squid configured without ssl bumping and I can make https connections just fine. Why would anyone need to use the ssl bumping feature? > > Thanks, > Derek >
