Thanks for the quick reply. I want to explain my question further.

Consider C1 and S1 connections were created for an HTTPS connection using ssl-bump. C1 has been served and closed from the client side.

Now, the client initiates another HTTPS connection, C2. Since persistent connection is enabled, the expectation is to see that S1 gets re-used.

Behaviour seen now is that S2 gets created and a handshake ensues between squid and server. After ~30 seconds, S1 is re-used to serve the request C2. Persistence seems to work since S1 is re-used. However, why was S2 initiated and why was S1 re-used after ~30 seconds?

PFA: pcap file and the squid.conf

On Mon, Jul 2, 2018 at 4:57 PM, Alex Rousskov <rouss...@measurement-factory.com> wrote:

> On 07/02/2018 05:34 PM, Vishali Somaskanthan wrote:
>
> > I am trying out SSL Bump for my connections from Squid to server and
> > trying to put along server persistent connections as well. I would like
> > to know how squid behaves with both of these turned on?
>
> In modern Squids, all(*) bumped SSL client HTTP requests (from client
> connection C) should use the corresponding bumped connection to the
> server (S). After the first HTTP request, if more requests arrive on
> connection C, and they are all regular/basic requests, then they can all
> go through connection S. Once HTTP rules, timeouts, or other factors
> prohibit connection S or connection C reuse, Squid should close both
> connections.
>
> Please note that I do not know whether Squid correctly forces all(*)
> HTTP requests on connection C to connection S, but it should. If it does
> not, file a bug report. Same for closing connection C when connection S
> becomes unusable.
>
> > I see info in the squid wiki page that SSL Bump creates fake CONNECT
> > requests and Peeking at Step1 creates another CONNECT request.
>
> Peeking or staring may indeed produce internal fake CONNECT requests,
> but they are unrelated to your question. They are used internally to
> handle the client TLS connection and for giving adaptation services a
> say in the matter. Persistency is an HTTP term that is applied to what
> happens _after_ the TLS connection is bumped.
>
> (Also, peeking is a part of the SslBump feature -- they are not two
> different actions or stages as "and" in your summary implies).
>
> HTH,
>
> Alex.
> P.S. (*) "all" should be interpreted as "all that need a server
> connection" here -- pure cache hits, adaptation-satisfied requests, and
> probably some erroneous requests (e.g., those blocked by http_access
> rules?) do not use the server connection.

--
Regards,
Vishali Somaskanthan
Attachments: bump-persistent-connections.pcap, squid.conf