On 3/23/21 2:10 AM, Vignesh Ramessh wrote: > Currently am running squid version 4.14 on RPi3. > Trying to cache https responses with cache-control:max-age headers > available, > using ssl bump - peek n splice feature with examples available in this > link :- https://elatov.github.io/2019/01/using-squid-to-proxy-ssl-sites/ ssl_bump peek step1 ssl_bump bump all ssl_bump splice all AFAICT, the above "bump all during step2" configuration (the last line does not do anything and should be removed) should bump all traffic. Is that your configuration? > But the https caching doesnt seem to work, https connections are getting > established as TCP_TUNNEL/200 in squid access logs. Do you see non-CONNECT HTTP traffic (e.g. GET, POST, etc.) in access log? If not, then Squid is not bumping traffic OR the client does not like what Squid is doing. Please post your http*_port and ssl_bump configuration with access.log lines corresponding to a single test transaction that you think should be bumped. Also, does the client (e.g. curl, wget, or browser) get an error from Squid? Does the client display any kind of warning or error at all? What certificate does the client show for the test connection? > I wasnt able to find any proper documentation on https caching using squid. What you call "HTTPS caching" consists of two virtually independent actions: Bumping HTTPS connections and caching. Documentation exists for each action. Currently, it sounds like the first action (bumping) is not working in your setup. Until that is addressed, you can ignore the caching part. HTH, Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
