martin f krafft said:

> is no way that it can decrypt the stream and cache the data -
> unless something here is entirely broken, or i am failing to
> understand the trivial.

i wouldn't want squid to cache https data. all squid has to do is allow the connection. from what i've heard from the developers at my company, a proxy that does SSL is just supposed to allow the data to pass. any interference in the data (caching etc.) could quite possibly invalidate the encrypted stream and cause all kinds of problems.

a quick search turned up this:

http://developer.netscape.com/docs/manuals/proxy/adminux/encrypt.htm#1015838

"With SSL, the data stream is encrypted, so the proxy has no access to the actual transaction. Consequently, the access log cannot list the status code or the header length received from the remote server. This also prevents the proxy, or any other third party, from eavesdropping on the transactions."

while not specific to squid, i believe it applies to squid. you could probably come up with a caching proxy by integrating the ssl sniffing stuff from dsniff(?). but i wouldn't want my ssl data cached anywhere.

nate
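
Added example, not part of the original post and not squid's code: a minimal CONNECT tunnel in Python illustrating the quoted Netscape text. The proxy relays the bytes without reading them, so its access-log record holds only the target and byte counts. The function names and the `dial` parameter are assumptions made for this sketch.

```python
import socket
import threading

def parse_connect(head: bytes):
    """Return (host, port) from a 'CONNECT host:port HTTP/1.x' request line, else None."""
    parts = head.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        return None
    return host.strip("[]"), int(port)

def pump(src, dst, counts, key):
    """Copy bytes one way without looking at them; only the length is recorded."""
    while True:
        data = src.recv(4096)
        if not data:
            break
        dst.sendall(data)
        counts[key] += len(data)
    try:
        dst.shutdown(socket.SHUT_WR)  # pass the end-of-stream on to the other side
    except OSError:
        pass

def handle(client, dial=socket.create_connection):
    """Serve one CONNECT request; return the access-log record the proxy can build."""
    head = b""
    while b"\r\n\r\n" not in head and len(head) < 8192:
        chunk = client.recv(1024)
        if not chunk:
            break
        head += chunk
    target = parse_connect(head)
    if target is None or b"\r\n\r\n" not in head:
        client.sendall(b"HTTP/1.1 400 Bad Request\r\n\r\n")
        return None
    upstream = dial(target)  # assumption: dial((host, port)) returns a connected socket
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    early = head.partition(b"\r\n\r\n")[2]  # bytes the client sent right after the request
    upstream.sendall(early)
    counts = {"bytes_up": len(early), "bytes_down": 0}
    down = threading.Thread(target=pump, args=(upstream, client, counts, "bytes_down"))
    down.start()
    pump(client, upstream, counts, "bytes_up")
    down.join()
    client.close(); upstream.close()
    # Status code and header length travel inside the encrypted stream: not available here.
    return {"method": "CONNECT", "target": "%s:%d" % target, **counts,
            "status": None, "header_length": None}
```
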