On 07/02/2018 05:34 PM, Vishali Somaskanthan wrote: > I am trying out SSL Bump for my connections from Squid to server and > trying to put along server persistent connections as well. I would like > to know how squid behaves with both of these turned on?? In modern Squids, all(*) bumped SSL client HTTP requests (from client connection C) should use the corresponding bumped connection to the server (S). After the first HTTP request, if more requests arrive on connection C, and they are all regular/basic requests, then they can all go through connection S. Once HTTP rules, timeouts, or other factors prohibit connection S or connection C reuse, Squid should close both connections. Please note that I do not know whether Squid correctly forces all(*) HTTP requests on connection C to connection S, but it should. If it does not, file a bug report. Same for closing connection C when connection S becomes unusable. > I see info in the squid wiki page that SSL Bump creates fake CONNECT > requests and Peeking at Step1 creates another CONNECT request. Peeking or staring may indeed produce internal fake CONNECT requests, but they are unrelated to your question. They are used internally to handle the client TLS connection and for giving adaptation services a say in the matter. Persistency is an HTTP term that is applied to what happens _after_ the TLS connections is bumped. (Also, peeking is a part of the SslBump feature -- they are not two different actions or stages as "and" in your summary implies). HTH, Alex. P.S. (*) "all" should be interpreted as "all that need a server connection" here -- pure cache hits, adaptation-satisfied requests, and probably some erroneous requests (e.g., those blocked by http_access rules?) do not use the server connection. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
