[squid-users] HTTPS cache for Java application - only getting TCP_MISS

Antony Stone Antony.Stone at squid.open.source.it
Thu Jun 14 08:25:54 UTC 2018


On Thursday 14 June 2018 at 09:09:05, Tomas Finnøy wrote:

> > Surely all this peeking and bumping is only needed if you're running
> > Squid in interception mode, whereas you've said that you've configured
> > your Java application to explicitly use Squid as a proxy?
> 
> I found some "how-to's" and posts that were explaining how to make a https
> cache proxy, and they were all mentioning bumping. Isn't the bump needed
> to decrypt the response, so it is possible to store it in the cache?

No, because when you explicitly configure a browser (or in your case a Java 
application) to use a proxy, it sends a request to the proxy saying "please go 
and fetch something from this URI for me", and Squid then does all the HTTPS 
negotiations needed to talk to the remote server.  What Squid gets back is the 
plain unencrypted content, which it can then pass on to the browser (or 
application), and if it's allowed to (by whatever it finds in the headers of 
the response) it can also cache it.

> I dont need any acl with peek and bump for my scenario at all, is what you
> are saying?

Correct.

> > Have you tried your Squid configuration with a plain browser, configured
> > to use the proxy, with (a) a few random websites, and (b) the specific
> > resource you're trying to access from your Java application, to see
> > whether it is actually working as a caching proxy?
> 
> No. And something I will do now. Thanks for tips.

No problem.  Just suggesting "start simple" before moving on to several 
complex things interacting with each other...

> Sorry for the messy formatting here, but I didnt get your responses to my
> mail. I only saw it in the archives and copied it over to my mail here....

Hm, odd, I see my reply on the list just as normal.


Antony.

-- 
I thought of going into banking, until I lost interest.

                                                   Please reply to the list;
                                                         please *don't* CC me.


More information about the squid-users mailing list