[squid-dev] Piping existing SSL session into squid SSL session cache

Florian Schüttler florian.schuettler at fscr.de
Wed Apr 27 19:01:51 UTC 2016


Dear developers,

I am trying to evaluate a special use case for which I would appreciate
some advice on implementation issues.

I have a scenario in which clients (<10) are connected to a server using
an application protocol inside a TLS connection. These clients should
now be able to reuse the existing TLS session for a TLS connection to
Squid running on the same server by passing the session (e.g. using two
OpenSSL s_client instances and parameter -sess_out resp. -sess_in). That
would save an expensive key exchange operation. So far, my application
server writes the session info to a named pipe when the handshake is
completed using OpenSSL's PEM_write_SSL_SESSION().

I would now like to implement a feature in Squid which periodically
reads the pipe and adds this session information to the staticSslContext
in Squid using PEM_read_SSL_SESSION(). Ideally, this would integrate
into the event scheduling infrastructure (commEngine?) and not just be
hacked into the main loop, but I cannot find easy documentation about
how to achieve this. Can anyone give me some pointers?

Best regards,
Florian Schüttler
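
The reader side of the pipe described above, as an added example that is not part of the original post and not Squid code: it checks that the FIFO is private (the PEM output of PEM_write_SSL_SESSION() contains the session's master secret) and frames complete PEM blocks out of partial non-blocking reads. The names pipe_is_private, sess_acc, acc_feed, acc_next and the ACC_MAX bound are hypothetical; hooking the descriptor into Squid's event loop and the OpenSSL calls are left to the caller.

```c
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define PEM_BEGIN "-----BEGIN SSL SESSION PARAMETERS-----" /* OpenSSL's label */
#define PEM_END   "-----END SSL SESSION PARAMETERS-----"
#define ACC_MAX   16384 /* assumed upper bound for buffered pipe data */

struct sess_acc { char buf[ACC_MAX + 1]; size_t len; }; /* zero-initialise */

/* The PEM carries the session master secret: accept only a FIFO owned by
 * `owner` with no group/other permission bits. Returns 1 if acceptable. */
int pipe_is_private(int fd, uid_t owner) {
    struct stat st;
    if (fstat(fd, &st) != 0)
        return 0;
    return S_ISFIFO(st.st_mode) && st.st_uid == owner && (st.st_mode & 077) == 0;
}

/* Append the bytes of one read(); on overflow drop everything, return -1. */
int acc_feed(struct sess_acc *a, const char *data, size_t n) {
    if (n > ACC_MAX - a->len) {
        a->len = 0;
        a->buf[0] = '\0';
        return -1;
    }
    memcpy(a->buf + a->len, data, n);
    a->len += n;
    a->buf[a->len] = '\0';
    return 0;
}

/* Move the next complete PEM block into out (needs ACC_MAX + 1 bytes) and
 * return its length, or 0 if none is complete yet. The caller would hand the
 * block to PEM_read_bio_SSL_SESSION() and then SSL_CTX_add_session(). */
size_t acc_next(struct sess_acc *a, char *out) {
    char *b = strstr(a->buf, PEM_BEGIN);
    char *e = b ? strstr(b, PEM_END) : NULL;
    if (e == NULL)
        return 0;
    size_t n = (size_t)(e - b) + strlen(PEM_END);
    size_t used = (size_t)(b - a->buf) + n;
    memcpy(out, b, n);
    out[n] = '\0';
    memmove(a->buf, a->buf + used, a->len - used + 1);
    a->len -= used;
    return n;
}
```

Call acc_feed() with whatever each read() on the O_NONBLOCK descriptor returns, then loop on acc_next() until it returns 0.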

