[squid-dev] TLS proxy-server connection optimization

Vishali Somaskanthan vishali.somaskanthan at viptela.com
Tue Jul 31 23:00:17 UTC 2018

Hi All,

I am Vishali Somaskanthan. I have been playing around with proxies for
sometime now. I have been experimenting squid for quite a time and my focus
is on the SSL persistence part.

We are planning to qualify if certain optimization can be added at the
SSL/TLS layer. In squid, we have observed that TCP connection persistence
is available. We want to optimize TLS and evaluate if squid to-server TLS
connection can be reused for consecutive requests from multiple clients.

We want to understand the scenarios under which this can be achieved. For
example, for requests coming from same/different clients to same server,
staggered over separate client-squid connections (one after the other).

*Current support in Squid:*

There has been a detailed discussion on this in the general forum on the
trials with respect to the above mentioned scenario. http://squid-web-pro

This is my observed behavior with Squid.

   - If I peek @step1 and bump@ step2 -> The connections are pinned.
   Client-squid SSL+TCP termination results in squid-server SSL+TCP

   - If I peek @step1 and splice@ step2 -> The connections are **not**
   pinned as such. However, Client-squid SSL+TCP termination results in
   squid-server SSL+TCP termination.

Please provide any insights on whether this is going to be a valid
optimization and if we can come up with a set of rules where this could

Vishali Somaskanthan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20180731/75c153e7/attachment.html>

More information about the squid-dev mailing list