Re: [squid-users] SSL traffic

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Apr 2011 20:31:35 +1200

On 05/04/11 20:01, V�ctor Jos� Hern�ndez G�mez wrote:
> Dear squid users,
>
> we remember to have measured the percentage of bandwitch devoted to SSL
> in our squid installation, and it was about 10 percent of total traffic.
>
> SSL is not cacheable, and I think its use is increasing. I wonder if
> there is any experience with squid software using SSL engines (hardware
> devices) via openssl to get a better behaviour (that is, better
> perfomance) of SSL traffic.

What do you think Squid would do with such hardware? HTTPS traffic is
encrypted/decrypted by the client and server. Squid just shuffles their
pre-encrypted bytes to and fro.

>
> Any other idea regarding SSL treatment would be very welcome (parameter
> tuning either on SO, squid, or openssl, etc..)

If Squid is peritted to see the HTTP reuqets inside the SSL they are
usually as cacheable as non-SSL requests.

Please help us encourage the browser developers to make SSL links to a
trusted SSL-enabled proxy and pass the requests to it. Then we can all
benefit from improved HTTPS speeds.

For now the tunneling Squid perform as good as non-caching proxies. Or
in situations where ssl-bump feature can be used they work slower but
with cache HITs being possible.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.6
Received on Tue Apr 05 2011 - 08:31:42 MDT

This archive was generated by hypermail 2.2.0 : Tue Apr 05 2011 - 12:00:02 MDT