On 02/08/2010 03:21 PM, Dimitri Syuoul wrote:
> I want to give a show to the SSL Bump feature that we have long
> awaited on 3.1 . Id like to know how advanced/tested this feature is
> in currently to know if there is a chance I can begin using it on
> production environment.
I believe the basic SSL Bump feature in Squid v3.1 is relatively well
tested. It has been around for a while. I am not aware of any open bugs
(but have not checked recently). Its usability is rather limited because
of the frequent certificate warnings though.
The Dynamic Certificate Generation feature (to be submitted to squid-dev
for review in a few days) that eliminates site certificate warnings is
new. It is unlikely to be added to the official Squid 3.1 releases
because v3.1 is in feature-freeze state. This feature has passed all our
functionality tests but may have failed one performance overload test. I
would not recommend deploying it without testing, including performance
testing, so that you can size and configure everything correctly for
your specific environment.
HTH,
Alex.
Received on Tue Feb 09 2010 - 02:26:09 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 09 2010 - 12:00:04 MST