[squid-users] transparent https with delay
Yurii Kirychuk
yurakirychuk at gmail.com
Mon Feb 10 11:32:34 UTC 2020
Is it normal that a secure connection to the site is delayed by 10-15
seconds?
squid 4.10, transparent http/https
squid.conf
acl localnet src 10.3.198.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl blackmails dstdom_regex "/etc/squid/blackmailssl"
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny blackmails
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
dns_nameservers 10.3.198.254 10.3.105.2 10.3.100.2
dns_v4_first on
http_port 10.3.198.226:3128
http_port 10.3.198.226:3129 intercept
https_port 10.3.198.226:3130 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=8MB
connection-auth=off tls-cert=/etc/squid/squidCA.pem
tls_outgoing_options options=NO_SSLv3
acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl"
acl step1 at_step SslBump1
sslcrtd_program /usr/lib/squid/security_file_certgen -s
/usr/lib/squid/ssl_db -M 8MB
ssl_bump peek step1
acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl"
ssl_bump splice !blackmailssl
ssl_bump terminate all
cache_dir ufs /var/spool/squid 10240 16 256
maximum_object_size 1024 KB
coredump_dir /var/spool/squid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200210/3bbbd6eb/attachment.html>
More information about the squid-users
mailing list