[squid-dev] Patches proposal

Alex Rousskov rousskov at measurement-factory.com
Thu Feb 18 17:27:52 UTC 2016


On 02/18/2016 05:48 AM, Eliezer Croitoru wrote:

> However I do see one specific issue with a DISK and Redis DB.
> If for any reason the site headers will contain HSTS rules and the Redis
> DB(mem only..) will be restarted then the certificate would be different
> and the client will probably(to my understating) get some nice error
> page from the browser.


Two modern identically-configured Squids generate identical fake
certificates when mimicking identical real certificates so losing a
certificate cache is not a functionality issue, just a performance penalty.

[ Besides robust caching support, stable certificates are essential for
Squid clusters where independent Squid instances have to generate
identical fake certificates for all clients going to the same origin
server. ]

Alex.



More information about the squid-dev mailing list