Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Tags
    3. ssl inspection
    Log in to post
    • All categories
    • insmodI

      squid transparent proxy with Cryptographic Accelerator Support ?

      Watching Ignoring Scheduled Pinned Locked Moved Cache/Proxy ssl inspection ssl squid
      4
      0 Votes
      4 Posts
      820 Views
      insmodI

      @Dobby_ So
      openssl-1.1.1q,1 TLSv1.3 capable SSL and crypto library
      ldd /usr/local/sbin/squid| grep ssl
      libssl.so.111 => /usr/lib/libssl.so.111 (0x800b6c000)

      It seems that squid used openssl 1.1.1 ,the openssl will use QAT, then the squid can use QAT ?

    • High_VoltageH

      in an effort to better fix/set up squid and the github information for others to use, I need some help understanding stuff

      Watching Ignoring Scheduled Pinned Locked Moved Cache/Proxy squid mitm ssl inspection explicit proxy transparent
      4
      0 Votes
      4 Posts
      945 Views
      GertjanG

      As soon as you have access to the full, decrypted data stream it's most probably possible to cache everything.

      But :
      The, for example, ccs style sheet file, can have a unique name - and won't be re used ever again, so it will get reloaded anyway.
      The file creation date can be set to 'now' so the browser will request a fresh copy, even if the content didn't change at all.
      etc etc .