On 3/12/2015 11:21 p.m., GoGo net wrote: > Hi, cool guys, > > I am running a squid 3.5 on Ubuntu 14.04 as proxy server through https_port 443 (not http_port): > >> client —> (https_prot:443) squid —> Internet > > Basically speaking, it works well. But TLS brings in some performance overhead. > Currently, I am planning to enable OCSP stapling to speed up handshake. I have searched squid configuration doc, did NOT find anything helpful. So my question is: > > ** Does squid 3.5 support OCSP stapling (between client and squid)? If yes, can anyone provide an example? ** > Squid does not currently support OCSP in any way. Sorry. There is some work towards checking revocation better, but that is focusing on the outgoing Squid->server connections. Since the TLS infrastructure within Squid is undergoing a stabilization currently we are a little distracted with solving the existing issues with SSL-Bump functionality. OCSP and similar extension features are not really on the roadmap. If this is an important fature for you I suggest finding/funding someone to do the development - a list of Support Services can be found on the Squid website and you are free to post a RFI to the squid-dev mailing list to see if anyone already familiar with the code wants to pick up a contract. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
