[squid-users] How to enable OCSP stapling for squid 3.5
Amos Jeffries
squid3 at treenet.co.nz
Thu Dec 3 10:39:03 UTC 2015
On 3/12/2015 11:21 p.m., GoGo net wrote:
> Hi, cool guys,
>
> I am running a squid 3.5 on Ubuntu 14.04 as proxy server through https_port 443 (not http_port):
>
>> client —> (https_port:443) squid —> Internet
>
> Basically speaking, it works well. But TLS brings in some performance overhead.
> Currently, I am planning to enable OCSP stapling to speed up handshake. I have searched squid configuration doc, did NOT find anything helpful. So my question is:
>
> ** Does squid 3.5 support OCSP stapling (between client and squid)? If yes, can anyone provide an example? **
>

Squid does not currently support OCSP in any way. Sorry.

There is some work towards checking revocation better, but that is
focusing on the outgoing Squid->server connections.

Since the TLS infrastructure within Squid is undergoing a stabilization
currently, we are a little distracted with solving the existing issues
with SSL-Bump functionality. OCSP and similar extension features are not
really on the roadmap.

If this is an important feature for you, I suggest finding/funding someone
to do the development - a list of Support Services can be found on the
Squid website and you are free to post an RFI to the squid-dev mailing
list to see if anyone already familiar with the code wants to pick up a
contract.

Amos