On 04/10/2018 11:24 AM, Panagiotis Bariamis wrote: > Thank you for your answer but as far as I can understand this setup is > for a regular proxy that just proxies https protocol with http connect > headers (unencrypted traffic between client and proxy on http connect > request ) . Your understanding is incorrect: All the traffic between the client and the proxy is encrypted in that test. > Secure web proxy encrypts traffic between client and proxy Yes, and that is what the Polygraph workload sketch tests. The Squid port for that workload is an https_port, not an http_port. > meaning that you have an http connect request inside a tls tunnel. Yes, if the origin server is talking TLS. Just like a regular HTTP proxy, an HTTPS proxy can proxy both plain and encrypted origin server traffic. The latter requires a CONNECT tunnel. Whether the origin server talks HTTP or HTTPS is a separate variable/issue, unrelated to whether the client-proxy communication itself is secured. Polygraph supports HTTPS proxies and HTTPS servers. IIRC, Polygraph v5 supports the combination of the two: TLS inside TLS (because HTTP/2 support essentially required that). I am not sure about Polygraph v4. The workload I sketched uses HTTPS proxies and plain origin servers. HTH, Alex. > On Tue, Apr 10, 2018, 17:22 Alex Rousskov wrote: > > On 04/10/2018 06:31 AM, Panagiotis Bariamis wrote: > > Is there any stress testing tool to test with a load of 1k to 5k > > simultaneous connections ? > > Web Polygraph (www.web-polygraph.org <http://www.web-polygraph.org>) > supports HTTPS proxies and can > create thousands of concurrent connections. Below is a PGL configuration > snippet from a recent HTTPS proxy test in our lab. > > HTH, > > Alex. > > > SslWrap sslWrap = { > ssl_config_file = "openssl.conf"; > root_certificate = "CA-priv+pub.pem"; > session_resumption = 70%; > session_cache = 100; > }; > > Server S = { > // no ssl_wraps here unless you want to test TLS inside TLS > ... > }; > > Proxy P = { > addresses = [ ... HTTPS proxy address ... ]; > ssl_wraps = [ sslWrap ]; // this is an HTTPS proxy > }; > > Robot R = { > ssl_wraps = [ sslWrap ]; // an HTTPS-capable client > > origins = S.addresses; > http_proxies = P.addresses; > > ... > }; > > use(S,P,R); > _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
