Hi, Amos, I am really appreciated for you quick reply. Many thanks for your information. I will consider if I will post a RFI. > On Dec 3, 2015, at 6:39 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > > On 3/12/2015 11:21 p.m., GoGo net wrote: >> Hi, cool guys, >> >> I am running a squid 3.5 on Ubuntu 14.04 as proxy server through https_port 443 (not http_port): >> >>> client —> (https_prot:443) squid —> Internet >> >> Basically speaking, it works well. But TLS brings in some performance overhead. >> Currently, I am planning to enable OCSP stapling to speed up handshake. I have searched squid configuration doc, did NOT find anything helpful. So my question is: >> >> ** Does squid 3.5 support OCSP stapling (between client and squid)? If yes, can anyone provide an example? ** >> > > Squid does not currently support OCSP in any way. Sorry. > > There is some work towards checking revocation better, but that is > focusing on the outgoing Squid->server connections. > > Since the TLS infrastructure within Squid is undergoing a stabilization > currently we are a little distracted with solving the existing issues > with SSL-Bump functionality. OCSP and similar extension features are not > really on the roadmap. > > If this is an important fature for you I suggest finding/funding someone > to do the development - a list of Support Services can be found on the > Squid website and you are free to post a RFI to the squid-dev mailing > list to see if anyone already familiar with the code wants to pick up a > contract. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
