[squid-users] Delay pools in squid4 not working with https

Amos Jeffries squid3 at treenet.co.nz
Thu Jul 12 22:52:37 UTC 2018 

On 12/07/18 11:39, Julian Perconti wrote:
>>>
>>> El ‎martes‎, ‎10‎ de ‎julio‎ de ‎2018‎ ‎18‎:‎57‎:‎43‎ ‎-03, Alex Rousskov escribió: 
>>>
>>>
>>> On 07/10/2018 01:50 PM, Paolo Marzari wrote:
>>>> My home server just updated from 3.5.27, everything is working fine, but
>>>> delay pools seems broken to me.
>>>
>>>> Revert to 3.5.27 and delays works again with every type of traffic.
>>>>
>>>> I think there's something wrong with https traffic.
>>>
>>> You are probably right. A few days ago, while working on an unrelated
>>> project, we have found a bug in delay pools support for tunneled https
>>> traffic. That support was probably broken by v4 commit 6b2b6cf. We have
>>> not tested v3.5, so I can only confirm that v4 and v5 are broken.
>>>
>>> The bug will be fixed as a side effect of "peering support for SslBump"
>>> changes that should be ready for the official review soon. If you would
>>> like to test our unofficial branch, the code is available at
>>> https://github.com/measurement-factory/squid/tree/SQUID-360-peering-for-SslBump
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> http://lists.squid-cache.org/listinfo/squid-users
> 
> I can confirm that delay_pools works fine both http and https protocols in squid 4 running debian 9 
> 
> Squid Cache: Version 4.1 

When I looked at the code for Paolos report I found there to be a
difference between SSL-Bumped and non-Bumped traffic.

This hints to me that these opposite reports may due to how the traffic
is being handled.

So Julian, Paolo; if you don't mind can you please say whether you are
using SSL-Bump in your tests and if so whether the test traffic got
splice'd, bump'ed or no SSL-Bump feature use at all ?


There might also still be bugs specific to pool types. We have had a few
in the past that I'm not sure if ever got fixed. Though Paolo's mention
that 3.5 worked okay hints that its probably not those exact issues.


Amos

More information about the squid-users mailing list