[squid-users] Squid 2.7.s9 HTTPS-proxying - hint welcome

[Amos Jeffries]

On 18/08/2016 3:23 a.m., Torsten Kühn wrote:
> Dear Mailing List,
> 
> older Squid versions have been obsoleted by 3.X and 4.X, I (barely)
> dare to ask a 2.X-related question ... For particular reasons, I am
> forced to stuck with 2.X

Then you cannot decrypt the HTTPS in order to cache it. Squid older than
3.2 simply do not have any of the functionality to do so.

> my cache contains objects since 2010, of
> personal value.

Cache is not an archive. Everything in a cache is by definition *not*
valuable and subject to be erased at any time. That is why it is called
caching and not archiving.

FYI, your "of personal value" data is at high risk of being erased with
every request sent through that proxy, even though it is in an old Squid.


> Due to small bandwith (ISDN speed), I use Squid
> as a "buffer" for offline browsing, objects are reloaded on request
> only (Ctrl-R/ F5).

NO version of Squid provides that guarantee.

...
> 
> OR, is it possible - by contrast to the step from Squid 1.X to 2.X - that
> the cache objects' file format did not change since 2.X, which would allow
> to use my (precious) objects with, e.g. Squid 3.5? There is a 3.5.19 build
> on http://archive.raspbian.org/raspbian/pool/main/s/squid3/, but the
> respective dependencies cannot be resolved yet.

We have done some fundamental data-integrity changes to the swap.state
journal format since 2.7. But that alone is nothing serious - after
upgrade Squid should discard the old swap.state file and do a "DIRTY"
cache scan to rebuild the journal in the new format.

I don't recall the format of the objects themselves being changed. It is
just a simple TLV chain followed by the HTTP response object/payload.
Though it might have, so testing is recommended just to be sure.

Amos