[squid-users] HTTPS cache for Java application - only getting TCP_MISS
squid3 at treenet.co.nz
Thu Jun 14 11:33:36 UTC 2018
On 14/06/18 07:44, Antony Stone wrote:
> On Wednesday 13 June 2018 at 21:28:27, baretomas wrote:
>> The calls from the application is done using ssl / https by telling java to
>> use Squid as a proxy (-Dhttps.proxyHost and -Dhttp.proxyHost).
> Okay, but...
>> http_port 3128 ssl-bump generate-host-certificates=on
>> # certificate generation program
>> sslcrtd_program /cygdrive/c/squid/lib/squid/ssl_crtd -s
>> /cygdrive/c/squid/var/cache/squid_ssldb -M 4MB
>> acl step1 at_step SslBump1
>> ssl_bump peek step1
>> ssl_bump bump all
> Surely all this peeking and bumping is only needed if you're running Squid in
> interception mode,
Not quite. SSL-Bump is interception of the TLS layer. Regular / forward
/ explicit proxies use it to decrypt the CONNECT messages transporting
HTTPS traffic through tunnels.
> whereas you've said that you've configured your Java
> application to explicitly use Squid as a proxy?
The proxy port and SSL-Bump config is consistent with a SSL-Bumping
I suspect the -Dhttp.proxyHost is probably the Java apps equivalent to
the Linux http_proxy environment variables we are more familiar with
seeing applications use to connect to that type of proxy.
> Have you tried your Squid configuration with a plain browser, configured to use
> the proxy, with (a) a few random websites, and (b) the specific resource you're
> trying to access from your Java application, to see whether it is actually
> working as a caching proxy?
More information about the squid-users