Re: [squid-users] Re: squid with qlproxy on fedora 20 not working for https traffic

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 14 Jun 2014 13:02:02 +1200

On 14/06/2014 4:44 a.m., MrErr wrote:
> So if i want to ssl_bump only google, will the following statements work?
>
> acl https_targets dstdomain .google.com
> ssl_bump server-first https_targets
>
> I already tried it, and they don't seem to work. What would be a working
> configuration if i wanted only google.com to be bumped?

Identify all the IP addresses used by Google and create a dst ACL from them.

>
> ssl_bump server-first all, works but it bogs down squid and this slows down
> the internet.

The price of TLS is increased resource usage and slower traffic. The use
of a proxy to decrypt and re-encrypt along the way doubles the
requirements and halves the speed.

Amos
Received on Sat Jun 14 2014 - 01:02:23 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 14 2014 - 12:00:04 MDT