Thank you for the clarification. On Tue, Apr 10, 2018, 21:11 Alex Rousskov <rouss...@measurement-factory.com> wrote:
> On 04/10/2018 11:24 AM, Panagiotis Bariamis wrote: > > Thank you for your answer but as far as I can understand this setup is > > for a regular proxy that just proxies https protocol with http connect > > headers (unencrypted traffic between client and proxy on http connect > > request ) . > > Your understanding is incorrect: All the traffic between the client and > the proxy is encrypted in that test. > > > > Secure web proxy encrypts traffic between client and proxy > > Yes, and that is what the Polygraph workload sketch tests. The Squid > port for that workload is an https_port, not an http_port. > > > > meaning that you have an http connect request inside a tls tunnel. > > Yes, if the origin server is talking TLS. Just like a regular HTTP > proxy, an HTTPS proxy can proxy both plain and encrypted origin server > traffic. The latter requires a CONNECT tunnel. Whether the origin server > talks HTTP or HTTPS is a separate variable/issue, unrelated to whether > the client-proxy communication itself is secured. > > Polygraph supports HTTPS proxies and HTTPS servers. IIRC, Polygraph v5 > supports the combination of the two: TLS inside TLS (because HTTP/2 > support essentially required that). I am not sure about Polygraph v4. > The workload I sketched uses HTTPS proxies and plain origin servers. > > > HTH, > > Alex. > > > > > On Tue, Apr 10, 2018, 17:22 Alex Rousskov wrote: > > > > On 04/10/2018 06:31 AM, Panagiotis Bariamis wrote: > > > Is there any stress testing tool to test with a load of 1k to 5k > > > simultaneous connections ? > > > > Web Polygraph (www.web-polygraph.org <http://www.web-polygraph.org>) > > supports HTTPS proxies and can > > create thousands of concurrent connections. Below is a PGL > configuration > > snippet from a recent HTTPS proxy test in our lab. > > > > HTH, > > > > Alex. > > > > > > SslWrap sslWrap = { > > ssl_config_file = "openssl.conf"; > > root_certificate = "CA-priv+pub.pem"; > > session_resumption = 70%; > > session_cache = 100; > > }; > > > > Server S = { > > // no ssl_wraps here unless you want to test TLS inside TLS > > ... > > }; > > > > Proxy P = { > > addresses = [ ... HTTPS proxy address ... ]; > > ssl_wraps = [ sslWrap ]; // this is an HTTPS proxy > > }; > > > > Robot R = { > > ssl_wraps = [ sslWrap ]; // an HTTPS-capable client > > > > origins = S.addresses; > > http_proxies = P.addresses; > > > > ... > > }; > > > > use(S,P,R); > > > >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users