[squid-users] How to enable OCSP stapling for squid 3.5

GoGo net focusnetgogo at gmail.com
Thu Dec 3 12:01:47 UTC 2015


Hi, Amos,

I am really appreciated for you quick reply.

Many thanks for your information. I will consider if I will post a RFI.


> On Dec 3, 2015, at 6:39 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> 
> On 3/12/2015 11:21 p.m., GoGo net wrote:
>> Hi, cool guys,
>> 
>> I am running a squid 3.5 on Ubuntu 14.04 as proxy server through https_port 443 (not http_port):
>> 
>>> client —> (https_prot:443) squid  —> Internet
>> 
>> Basically speaking, it works well. But TLS brings in some performance overhead. 
>> Currently, I am planning to enable OCSP stapling to speed up handshake. I have searched squid configuration doc, did NOT find anything helpful. So my question is:
>> 
>> ** Does squid 3.5 support OCSP stapling (between client and squid)? If yes, can anyone provide an example? **
>> 
> 
> Squid does not currently support OCSP in any way. Sorry.
> 
> There is some work towards checking revocation better, but that is
> focusing on the outgoing Squid->server connections.
> 
> Since the TLS infrastructure within Squid is undergoing a stabilization
> currently we are a little distracted with solving the existing issues
> with SSL-Bump functionality. OCSP and similar extension features are not
> really on the roadmap.
> 
> If this is an important fature for you I suggest finding/funding someone
> to do the development - a list of Support Services can be found on the
> Squid website and you are free to post a RFI to the squid-dev mailing
> list to see if anyone already familiar with the code wants to pick up a
> contract.
> 
> Amos
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list