Can a Squid proxy cache data from an SSL connection?
11-19-2006 10:49 AM
No, it doesn't cache SSL packets.
Originally Posted by http://www.squid-cache.org/Doc/FAQ/FAQ-1.html#ss1.12
1.12 Does Squid support SSL/HTTPS/TLS?
As of version 2.5, Squid can terminate SSL connections. This is perhaps only useful in a surrogate (http accelerator) configuration. You must run configure with --enable-ssl. See https_port in squid.conf for more information.
Squid also supports these encrypted protocols by "tunnelling" traffic between clients and servers. In this case, Squid can relay the encrypted bits between a client and a server.
Normally, when your browser comes across an https URL, it does one of two things:
1. The browser opens an SSL connection directly to the origin server.
2. The browser tunnels the request through Squid with the CONNECT request method.
The CONNECT method is a way to tunnel any kind of connection through an HTTP proxy. The proxy doesn't understand or interpret the contents. It just passes bytes back and forth between the client and server. For the gory details on tunnelling and the CONNECT method, please see RFC 2817 and Tunneling TCP based protocols through Web proxy servers (expired).
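The difference the FAQ describes, as an added example (not part of the original post or the Squid FAQ): a small parser showing what a forwarding proxy can log or use as a cache key for a plain HTTP request versus a CONNECT tunnel. The function name `proxy_view` and both sample byte streams are constructed for illustration.

```python
# Added example: what a forwarding proxy can observe for plain HTTP vs. CONNECT.
# proxy_view is a hypothetical helper; the sample streams are constructed.

def proxy_view(stream: bytes) -> dict:
    """Return the fields a proxy can log or cache on for one client byte stream."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.decode("iso-8859-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ")
    except ValueError:
        raise ValueError("malformed request line") from None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    view = {"method": method, "headers": headers}
    if method == "CONNECT":
        # Target is authority-form (host:port): no path, no query, no body to key on.
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        # Everything after the head is relayed verbatim and never parsed.
        view.update(host=host, port=int(port), cache_key=None,
                    opaque_bytes=len(rest))
    else:
        # Plain HTTP sent to a proxy uses absolute-form, so the full URL is visible.
        view.update(url=target, cache_key=(method, target), opaque_bytes=0)
    return view

# Constructed sample 1: plain HTTP request sent to a proxy.
PLAIN = b"GET http://example.com/logo.png HTTP/1.1\r\nHost: example.com\r\n\r\n"
# Constructed sample 2: CONNECT head, then bytes standing in for the encrypted
# stream the client sends once the tunnel is up (not a real TLS handshake).
TUNNEL = (b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n\r\n"
          + b"\x16\x03\x01\x00\x05hello" + b"\x17\x03\x03\x00\x04\xde\xad\xbe\xef")

if __name__ == "__main__":
    for name, s in (("plain", PLAIN), ("tunnel", TUNNEL)):
        v = proxy_view(s)
        seen = v.get("url") or f'{v["host"]}:{v["port"]}'
        print(name, v["method"], seen, "cache_key =", v["cache_key"],
              "opaque_bytes =", v["opaque_bytes"])
```

For the tunnel, the only loggable fields are the destination host, port and byte counts, which is why access logs for HTTPS through a forwarding proxy show `CONNECT host:443` entries and nothing cacheable.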