[squid-users] How to enable OCSP stapling for squid 3.5

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 3 10:39:03 UTC 2015

On 3/12/2015 11:21 p.m., GoGo net wrote:
> Hi, cool guys,
> I am running a squid 3.5 on Ubuntu 14.04 as proxy server through https_port 443 (not http_port):
>> client —> (https_prot:443) squid  —> Internet
> Basically speaking, it works well. But TLS brings in some performance overhead. 
> Currently, I am planning to enable OCSP stapling to speed up handshake. I have searched squid configuration doc, did NOT find anything helpful. So my question is:
> ** Does squid 3.5 support OCSP stapling (between client and squid)? If yes, can anyone provide an example? **

Squid does not currently support OCSP in any way. Sorry.

There is some work towards checking revocation better, but that is
focusing on the outgoing Squid->server connections.

Since the TLS infrastructure within Squid is undergoing a stabilization
currently we are a little distracted with solving the existing issues
with SSL-Bump functionality. OCSP and similar extension features are not
really on the roadmap.

If this is an important fature for you I suggest finding/funding someone
to do the development - a list of Support Services can be found on the
Squid website and you are free to post a RFI to the squid-dev mailing
list to see if anyone already familiar with the code wants to pick up a


More information about the squid-users mailing list