On 29.12.17 12:38, Sekar Duraisamy wrote:
"To cache encryption protected content you must first remove the
encryption. That destroys the "anonymous" part completely."
Could you please provide little more details about this line about it
destroys the anonymous while we decrypt the encryption and enable
caching for https?
the whole point of SSL and HTTPS is that nobody between client (browser) and
the final server knows what's inside. This logically prevents caching, since
you can not know what is the content you are transferring, so you can't know
if you can provide the contant from cache.
you need to break into https - behave as the final server, provide your
own certificate instead (because you can't fake the real server's) and look
into content.
Note that many clients will complain about your certificate - you need to
import your proxy's certificate to clients' browsers to avoid that,
and still, some clients will detect that they are not communicating to
final server and refuse to work (this has been reported a few times here).
https caching for anonymous proxy is not recommended?
your customer may look anonymous to the world (hidden behind your proxy)
even without breaking HTTPS.
But by decrypting https they will lose privacy.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
