[squid-dev] TLS proxy-server connection optimization

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 31 23:29:42 UTC 2018

On 07/31/2018 05:00 PM, Vishali Somaskanthan wrote:
> If I peek @step1 and splice@ step2 -> The connections are **not** pinned
> as such. However, Client-squid SSL+TCP termination results in
> squid-server SSL+TCP termination.

Why does Squid close the (not pinned) Squid-to-server connection in this
case? What code/condition triggers that closure in your tests?

> Please provide any insights on whether this is going to be a valid
> optimization and if we can come up with a set of rules where this
> could apply.

With enough information/analysis, we should be able to correctly
evaluate your proposal, but that proposal will have to be a lot more
specific than "We want to optimize TLS and evaluate if squid to-server
TLS connection can be reused for consecutive requests from multiple
clients". My question above is a (small) step towards formulating a
specific "We want to change Squid to do X instead of Y" proposal.

Thank you,


More information about the squid-dev mailing list