Wednesday, April 17, 2013, 9:32:19 PM, you wrote:

> It's an explicit forward proxy, not transparent. If I want to cache then I
> have to use the SSL termination, right? Anyway, I am using the connect_ports
> solution and set the CONFIG proxy.config.http.uncacheable_requests_bypass_parent
> INT 0 so that the connection goes to parent just like
> you said. But how difficult is it to cache the HTTPS connection?

Yes, any useful type of caching would require SSL termination. It is the SSL termination that is difficult. In the reverse case the set of certificates is not only finite but controlled by the same operation (e.g., if Yahoo! puts ATS with SSL termination in front of its servers, copying the certificates to ATS is simple). The forward case is far more difficult in both these respects because you don't know what certificates you need and you don't own them even if you do.

I can't recommend the attempt to anyone who is not quite experienced with SSL, certificates, and authority chains. It's not something that could be dealt with via just email. For example, if a client connects to https://fidelity.com, to terminate the connection and cache it, ATS would need to have installed on the ATS box an SSL certificate that the client browser would accept as a valid Fidelity certificate.

It might be even worse, in that the browser forces the use of CONNECT (and not GET) for HTTPS connections. I'm not sure ATS will handle that in a way that would support caching.
