Re: FW: squid 3.3.10 always gives TCP_MISS for SSL requests

On 26/08/2014 3:29 p.m., Lawrence Pingree wrote:
> I'm not sure if this is right or not, but wouldn't your refresh patterns
> need to have the "ignore-private" to cache ssl? Amos may know better, but I
> don't see that option specified in your "All Files" refresh_patterns.

HTTPS is not particularly private in the HTTP sense. It is just regular
HTTP traffic wrapped in underlying transport security encryption. It
does have a security scope difference from HTTP though, due to that
encryption.

That scope difference is handled by the URL scheme portion. For example,
Squid must not and will not HIT on an http:// URL in cache for an https://
request of an otherwise identical URL, and vice versa.

From the administrative viewpoint there is a higher risk with HTTPS of
application designers breaking things and making vulnerable software
simply by not understanding the above. There is high pressure to get
privacy protection right with "insecure" http:// but weak for "secure"
https:// on things like OAuth traffic and eCommerce checkout pages where
they should have sent Cache-Control:private or no-store regardless.

Amos
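
Added example, not part of the original message and not Squid's code: a simplified Python model of the two points made above, the URL scheme as part of the cache key and a shared cache refusing to store responses marked Cache-Control: private or no-store. The SharedCache class, host names and paths are hypothetical, the sample responses are constructed, and the many other HTTP caching rules are left out.

```python
# Added illustration: a simplified model of a shared cache, not Squid's code.
from urllib.parse import urlsplit


def cache_key(method, url):
    """Key includes the scheme, so http:// and https:// never share an entry."""
    u = urlsplit(url)
    return (method.upper(), u.scheme.lower(), u.netloc.lower(), u.path or "/", u.query)


def directives(headers):
    """Parse Cache-Control into a set of lowercase directive names."""
    value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    return {d.split("=", 1)[0].strip().lower() for d in value.split(",") if d.strip()}


def shared_cache_may_store(headers):
    """A shared cache must not store responses marked private or no-store."""
    return not ({"private", "no-store"} & directives(headers))


class SharedCache:
    def __init__(self):
        self.store = {}

    def fetch(self, method, url, origin_headers):
        """Return 'HIT' or 'MISS'; store the response only if allowed."""
        key = cache_key(method, url)
        if key in self.store:
            return "HIT"
        if shared_cache_may_store(origin_headers):
            self.store[key] = origin_headers
        return "MISS"


def audit(responses):
    """List sensitive URLs whose responses a shared cache would be allowed to store."""
    return [url for url, hdrs in responses if shared_cache_may_store(hdrs)]


# Constructed sample responses (hypothetical hosts and paths).
SAMPLES = [
    ("https://shop.example/checkout", {"Cache-Control": "max-age=600"}),
    ("https://idp.example/oauth/token", {"Cache-Control": "no-store"}),
    ("https://shop.example/account", {"cache-control": "private, max-age=0"}),
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Running `audit` over the responses of pages that carry per-user data shows which ones rely on HTTPS alone instead of sending private or no-store.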
