Ok I'm understanding ! Finally I'm going to change strategy, if it isn't possible to decrypt HTTPS without warning for client, I shall make differently. So there is two solutions, the first one is to use Squid without deciphering SSL request. So Amos you explained that but I don't understand what bugs is encountered. So in this case, how can I configure Squid ? I didn't find example and I have already asked for that but i was told it would be impossible, but they were not sure. The second solution consists in not using Squid, but to apply a QoS differently, but I need a QoS like the Squid delay pool, do you know if it is possible ? Alex you already spoken to me about LARTC, but I need to find a solution quickly, so I fear that it was too long to understand the Linux QoS possibilities. Regards. 2014-06-02 10:06 GMT-04:00 Antoine Klein <klein.anto@xxxxxxxxx>: > Ok I'm understanding ! > > Finally I'm going to change strategy, if it isn't possible to decrypt HTTPS > without warning for client, I shall make differently. > > So there is two solutions, the first one is to use Squid without deciphering > SSL request. So Amos you explained that but I don't understand what bugs is > encountered. So in this case, how can I configure Squid ? I didn't find > example and I have already asked for that but i was told it would be > impossible, but they were not sure. > > The second solution consists in not using Squid, but to apply a QoS > differently, but I need a QoS like the Squid delay pool, do you know if it > is possible ? Alex you already spoken to me about LARTC, but I need to find > a solution quickly, so I fear that it was too long to understand the Linux > QoS possibilities. > > Regards. > > > 2014-05-31 12:54 GMT-04:00 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > >> On 1/06/2014 3:49 a.m., Alex Crow wrote: >> <snip> >> > >> > But given all you really need is QoS, why don't you either (a) dispense >> > with Squid and just to QoS on the firewall for your Wifi subnet or (b) >> > put a transparent firewall between your clients and the Squid server >> > that does QoS? Or just see if Squid delay pools work for SSL (I think >> > they *do*, the traffic still passes via Squid as a CONNECT request - >> > it's just that Squid can't "see" or proxy the plaintext content.) >> > >> I second all of the above. In particular that the built-in QoS features >> of the firewall or router device neworking config is far better place to >> be doing the delay actions than Squid. >> >> In regards to delay pools and HTTPS. As far as I know the pools work >> without decrypting, although you may encounter one of a handful of bugs >> which trigger over or under counting of bytes (depending on the bug >> hit). So you may need a special delay pool configured with a hack on the >> speed value of port 443 traffic to make the user-visible speed what they >> expect. >> >> Amos >> > > > > -- > Antoine KLEIN -- Antoine KLEIN
