[squid-users] persistent connections not being utilized with Chrome

Alex Rousskov rousskov at measurement-factory.com
Mon Jan 15 21:39:57 UTC 2018


On 01/15/2018 02:12 PM, Brian J. Murrell wrote:
> On Mon, 2018-01-15 at 13:48 -0700, Alex Rousskov wrote:
>>
>> both transparent and forward/explicit proxies have approximately the same
>> support for HTTPS. In other words, if you find a forward/explicit
>> proxy useful for HTTPS, then a transparent proxy can be used similarly.

> And can be done *WITHOUT* doing a MitM attack on my users?

The answer depends on what you want the proxy to do, but proxy abilities
rarely depend on the proxy deployment mode (transparent or
explicit/forward) in this context.

Neither transparent nor explicit/forward proxy can decrypt traffic
without MitM attacks, of course. I have interpreted your earlier
response as essentially saying that, in the "TLS Everywhere" world, you
find explicit/forward proxy useful but a transparent proxy useless.
Since both can do approximately the same things, the statement did not
compute for me.

Alex.


More information about the squid-users mailing list