[squid-users] HTTPS cache for Java application - only getting TCP_MISS

Alex Rousskov rousskov at measurement-factory.com
Thu Jun 14 21:25:10 UTC 2018


On 06/14/2018 01:32 PM, baretomas wrote:

> On 14 June 2018 1:25 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> 2.  if you have enough control of the apps to get them connecting with
>>     TLS to the proxy and sending their requests there. Do that.

You are not doing this if your Squid receives CONNECT requests. If you
can get your apps to do the right thing, then Squid would be receiving
GET requests (and such) with https:// URLs instead of CONNECT requests.


>> 3.  the (relatively) complicated SSL-Bump way you found. The proxy is
>>     fully at the mercy of the messages sent by apps and servers.

You are doing this right now. Some Java magic encrypts your app requests
and sends encrypted requests through Squid via CONNECT tunnels. You bump
those encrypted tunnels to get to the HTTP requests and cache responses.

Alex.


> According to the Java docs, the https_proxy (-Dhttps.proxyHost and
> -Dhttps.proxyPort) should redirect all SSL traffic to that destination.
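
Added example, not part of the original thread or of Squid itself: a way to tell from access.log which of the two modes discussed above a client is using. It assumes Squid's native access.log format and that a bumped tunnel logs both the CONNECT and the decrypted https:// requests; the log lines, addresses and host names are constructed samples.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1529011510.101    120 10.0.0.5 NONE/200 0 CONNECT repo.example.com:443 - HIER_DIRECT/192.0.2.10 -
1529011510.240     95 10.0.0.5 TCP_MISS/200 5120 GET https://repo.example.com/a.jar - HIER_DIRECT/192.0.2.10 application/java-archive
1529011512.300      2 10.0.0.5 TCP_HIT/200 5120 GET https://repo.example.com/a.jar - HIER_NONE/- application/java-archive
1529011515.000    300 10.0.0.6 TCP_TUNNEL/200 8200 CONNECT api.example.com:443 - HIER_DIRECT/192.0.2.20 -
1529011520.000     80 10.0.0.7 TCP_MISS/200 900 GET https://api.example.com/v1 - HIER_DIRECT/192.0.2.20 application/json
"""

def parse_line(line):
    """Return (client, result_code, method, url) or None for malformed lines."""
    fields = line.split()
    if len(fields) < 7 or "/" not in fields[3]:
        return None
    return fields[2], fields[3].split("/", 1)[0], fields[5], fields[6]

def classify_clients(log_text):
    """Label each client by how its HTTPS traffic reaches the proxy."""
    seen = defaultdict(lambda: {"connect": 0, "https_url": 0, "hits": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, result, method, url = rec
        if method == "CONNECT":
            seen[client]["connect"] += 1
        elif url.lower().startswith("https://"):
            seen[client]["https_url"] += 1
            if "HIT" in result:
                seen[client]["hits"] += 1
    report = {}
    for client, c in seen.items():
        if c["connect"] and c["https_url"]:
            mode = "CONNECT tunnel, bumped"      # option 3 in the thread
        elif c["connect"]:
            mode = "CONNECT tunnel, not bumped"  # opaque to the cache
        else:
            mode = "https:// URL sent to proxy"  # option 2 in the thread
        report[client] = (mode, c["https_url"], c["hits"])
    return report

if __name__ == "__main__":
    for client, row in sorted(classify_clients(SAMPLE_LOG).items()):
        print(client, *row)
```

Each report value is (mode, https requests seen, cache hits among them), so a client stuck on TCP_MISS shows a zero in the last column.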

