[squid-users] ssl_engine
Jonathan Lee
jonathanlee571 at gmail.com
Tue Apr 1 00:56:03 UTC 2025
I got it to work with the Safexcel chip
ssl_engine devcrypto
It has a vast improvement to performance with ssl intercept active and use of certificates. This was like night and day to use my safexcel chip like this.
I am also seeing increments when webpage load with the command
vmstat -i | grep safexcel
THANK YOU Jeffries Amos.
It is no longer noticeable that it is doing ssl interception.
________________________________
From: squid-users <squid-users-bounces at lists.squid-cache.org> on behalf of Amos Jeffries <squid3 at treenet.co.nz>
Sent: Wednesday, March 5, 2025 17:49
To: squid-users at lists.squid-cache.org <squid-users at lists.squid-cache.org>
Subject: Re: [squid-users] ssl_engine
[ answering because nobody else has, I have no direct experience with
that particular setup. ]
On 5/03/25 18:03, Jonathan Lee wrote:
> Hello fellow Squid Users can you please help?
>
> Does anyone know how to set ssl_engine to use devcrypto for use with a
> safexcel accelerator?
>
ssl_engine devcryptoeng
BUT "ssl_engine" is ...
>
> Not supported in builds with OpenSSL 3.0 or newer.
>
If your Squid is built for libssl 3.0 or later, you may be able to
configure /etc/ssl/openssl.cnf default provider to be the one you want.
Such that Squid does not have to do anything for it to work.
I expect all the details relating to how devcrypto does its thing to be
configured in /etc/ssl/openssl.cnf.
You may find this discussion from the OpenSSL community helpful:
<https://github.com/openssl/openssl/issues/10701>
(FTR; the
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20250401/b6eb1290/attachment.htm>
More information about the squid-users
mailing list