Squid ssl-bump not reusing server connections

by David Ehrmann   Last Updated March 20, 2019 04:00 AM - source

I'm trying to do use HTTP connection pooling for a PHP app served by Nginx and fastcgi. Because of the fastcgi request lifecycle, I can't easily reuse outbound HTTP connections between requests.

My thought was to use a local Squid proxy for this, configuring it to ssl-bump outgoing requests and set https_proxy=http://127.0.0.1:3128 in the PHP env. When I tried this, following the example on the Squid wiki, Squid correctly handles the requests, but the request times are the same, and looking in Wireshark, it looks like there's a new SSL connection handshake for each request, even though Squid should be able to reuse the connection.

This thread suggests that there are circumstances where the connection should be reused but wasn't(?).

This is with Squid 3.5.27.

Should Squid support this? Are there other proxy servers that can ssl-bump and pool outgoing connections? Is there another approach I should look into?



Related Questions