On 05/04/11 20:01, Víctor José Hernández Gómez wrote:
> Dear squid users,
>
> we remember to have measured the percentage of bandwitch devoted to SSL
> in our squid installation, and it was about 10 percent of total traffic.
>
> SSL is not cacheable, and I think its use is increasing. I wonder if
> there is any experience with squid software using SSL engines (hardware
> devices) via openssl to get a better behaviour (that is, better
> perfomance) of SSL traffic.
What do you think Squid would do with such hardware? HTTPS traffic is
encrypted/decrypted by the client and server. Squid just shuffles their
pre-encrypted bytes to and fro.
>
> Any other idea regarding SSL treatment would be very welcome (parameter
> tuning either on SO, squid, or openssl, etc..)
If Squid is peritted to see the HTTP reuqets inside the SSL they are
usually as cacheable as non-SSL requests.
Please help us encourage the browser developers to make SSL links to a
trusted SSL-enabled proxy and pass the requests to it. Then we can all
benefit from improved HTTPS speeds.
For now the tunneling Squid perform as good as non-caching proxies. Or
in situations where ssl-bump feature can be used they work slower but
with cache HITs being possible.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.12 Beta testers wanted for 3.2.0.6Received on Tue Apr 05 2011 - 08:31:42 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 05 2011 - 12:00:02 MDT