[squid-users] Secure Web Proxy Stress Testing

Panagiotis Bariamis akismpa at gmail.com
Tue Apr 10 19:14:22 UTC 2018


Thank you for the clarification.

On Tue, Apr 10, 2018, 21:11 Alex Rousskov <rousskov at measurement-factory.com>
wrote:

> On 04/10/2018 11:24 AM, Panagiotis Bariamis wrote:
> > Thank you for your answer  but as far as I can understand this setup is
> > for a regular proxy that just proxies https protocol with http connect
> > headers (unencrypted traffic between client and proxy on http connect
> > request ) .
>
> Your understanding is incorrect: All the traffic between the client and
> the proxy is encrypted in that test.
>
>
> > Secure web proxy encrypts traffic between client and proxy
>
> Yes, and that is what the Polygraph workload sketch tests. The Squid
> port for that workload is an https_port, not an http_port.
>
>
> > meaning that you have an http connect request inside a tls tunnel.
>
> Yes, if the origin server is talking TLS. Just like a regular HTTP
> proxy, an HTTPS proxy can proxy both plain and encrypted origin server
> traffic. The latter requires a CONNECT tunnel. Whether the origin server
> talks HTTP or HTTPS is a separate variable/issue, unrelated to whether
> the client-proxy communication itself is secured.
>
> Polygraph supports HTTPS proxies and HTTPS servers. IIRC, Polygraph v5
> supports the combination of the two: TLS inside TLS (because HTTP/2
> support essentially required that). I am not sure about Polygraph v4.
> The workload I sketched uses HTTPS proxies and plain origin servers.
>
>
> HTH,
>
> Alex.
>
>
>
> > On Tue, Apr 10, 2018, 17:22 Alex Rousskov wrote:
> >
> >     On 04/10/2018 06:31 AM, Panagiotis Bariamis wrote:
> >     > Is there any stress testing tool to test with a load of 1k to 5k
> >     > simultaneous connections ?
> >
> >     Web Polygraph (www.web-polygraph.org <http://www.web-polygraph.org>)
> >     supports HTTPS proxies and can
> >     create thousands of concurrent connections. Below is a PGL
> configuration
> >     snippet from a recent HTTPS proxy test in our lab.
> >
> >     HTH,
> >
> >     Alex.
> >
> >
> >     SslWrap sslWrap = {
> >         ssl_config_file = "openssl.conf";
> >         root_certificate = "CA-priv+pub.pem";
> >         session_resumption = 70%;
> >         session_cache = 100;
> >     };
> >
> >     Server S = {
> >         // no ssl_wraps here unless you want to test TLS inside TLS
> >         ...
> >     };
> >
> >     Proxy P = {
> >         addresses = [ ... HTTPS proxy address ... ];
> >         ssl_wraps = [ sslWrap ]; // this is an HTTPS proxy
> >     };
> >
> >     Robot R = {
> >         ssl_wraps = [ sslWrap ]; // an HTTPS-capable client
> >
> >         origins = S.addresses;
> >         http_proxies = P.addresses;
> >
> >         ...
> >     };
> >
> >     use(S,P,R);
> >
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180410/79de0370/attachment-0001.html>


More information about the squid-users mailing list