[squid-users] transparent https with delay

Yurii Kirychuk yurakirychuk at gmail.com
Mon Feb 10 11:32:34 UTC 2020


Is it normal that a secure connection to the site is delayed by 10-15
seconds?
squid 4.10, transparent http/https

squid.conf
acl localnet src 10.3.198.0/24

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

acl blackmails dstdom_regex "/etc/squid/blackmailssl"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access deny blackmails

http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

dns_nameservers 10.3.198.254 10.3.105.2 10.3.100.2
dns_v4_first on

http_port 10.3.198.226:3128
http_port 10.3.198.226:3129 intercept
https_port 10.3.198.226:3130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=8MB connection-auth=off tls-cert=/etc/squid/squidCA.pem

tls_outgoing_options options=NO_SSLv3

acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl"
acl step1 at_step SslBump1

sslcrtd_program /usr/lib/squid/security_file_certgen -s /usr/lib/squid/ssl_db -M 8MB

ssl_bump peek step1
acl blackmailssl ssl::server_name_regex "/etc/squid/blackmailssl"
ssl_bump splice !blackmailssl
ssl_bump terminate all

cache_dir ufs /var/spool/squid 10240 16 256
maximum_object_size 1024 KB

coredump_dir /var/spool/squid