Hi, Amos Jeffries wrote, > > What do you think? What might be a solution to this problem? I can't > > restart squid when changing the ACL rules, because then all users in > > the network would be disconnected. > > You could set the request_timeout to be short. This would make the > CONNECT requests terminate after a few minutes. Will try that. > You could also use SSL-bump feature in Squid. This has a double benefit > of allowing the control software acting on the HTTPS requests and > preventing SPDY etc. being used by the browser. This is not wanted by my boss. Probably because of ethical reasons. If a user uses https, he normally believes his traffic is secure and we want that this is the case. Going back to the initial problem, slow NTLM authentications with newer browsers. Would it be worth to switch completely to Negotiate? Or is it possible to cache the NTLM authentication results, so that Squid does not need to fork a ntlm auth helper on every request? Thanks Waldemar