Amos Jeffries writes: > On 25/07/2016 10:34 p.m., Henry S. Thompson wrote: >> Standard squid config only logs one CONNECT line for any https >> transaction. What is being counted/timed by the reported bytes and >> duration fields in that line? >> >> I'm guessing it's the total time taken and total bytes delivered to the >> client by any and all transactions in the course of the TLS connection >> established by that CONNECT, but I can't find anything in the log >> documentation which confirms that. > > Yes. There is no HTTPS or TLS as far as Squid is concerned. (In modern > traffic you are also very likely to be wrong about it being HTTPS or TLS > on port 443. The (browser?) URL saying "https://" does not make it HTTPS > inside the tunnel). Indeed, understood > An HTTP CONNECT message with opaque data is all Squid sees. Its duration > is how long it takes, and the opaque data is the size it is. Thanks for your reply, but this part leaves me confused. The CONNECT message itself is short, as is the likely reply, and presumably doesn't take long to process. But the times and sizes I'm seeing are long/big, so it doesn't seem likely that they are the time and size of the response to the CONNECT as such, which is what you appear to be saying above... That is, what is the 'it' you refer to in your final sentence? ht -- Henry S. Thompson, School of Informatics, University of Edinburgh 10 Crichton Street, Edinburgh EH8 9AB, SCOTLAND -- (44) 131 650-4440 Fax: (44) 131 650-4587, e-mail: ht@xxxxxxxxxxxx URL: http://www.ltg.ed.ac.uk/~ht/ [mail from me _always_ has a .sig like this -- mail without it is forged spam] _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users