You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@trafficserver.apache.org by Karthick S <ka...@gmail.com> on 2013/11/25 09:09:40 UTC

Can ATS cache https requests?

Hi All,

Can ATS cache https requests?

Regards,
Karthick

Re: Can ATS cache https requests?

Posted by "Alan M. Carroll" <am...@network-geographics.com>.

Tuesday, November 26, 2013, 2:50:49 AM, you wrote:

> Am 26.11.2013 04:36, schrieb Karthick S:
>> My use case is "Orgin Server <-> ATS (encrypted), and ATS <->Client (unencrypted)". I wanted to configure ATS for
>> this use case. Will this keep the https response in cache?

> besides SSL between the servers and no encryption to the client makes pretty
> no sense at all *no it will not* because it is the other way around

That depends - if you are using ATS as a forward proxy it could well be that the ATS <-> origin server link is on the Internet and needs to be encrypted while the ATS <-> UA link is on a local network and doesn't require that.

I think you should be able to do this. As long as ATS sees the traffic unencrypted it should be able to cache it. I know that ATS will do outbound SSL (to the origin server) so I would certainly give it a try.

Re: Can ATS cache https requests?

Posted by Shu Kit Chan <ch...@gmail.com>.

You can take a look here and see if this is helpful.
https://trafficserver.readthedocs.org/en/latest/admin/security-options.en.html#traffic-server-and-origin-server-connections

Thanks.


On Tue, Nov 26, 2013 at 12:50 AM, Reindl Harald <h....@thelounge.net>wrote:

>
> Am 26.11.2013 04:36, schrieb Karthick S:
> > My use case is "Orgin Server <-> ATS (encrypted), and ATS <->Client
> (unencrypted)". I wanted to configure ATS for
> > this use case. Will this keep the https response in cache?
>
> besides SSL between the servers and no encryption to the client makes
> pretty
> no sense at all *no it will not* because it is the other way around
>
> http://en.wikipedia.org/wiki/SSL_termination_proxy
>
> > On Tue, Nov 26, 2013 at 9:01 AM, Reindl Harald <h.reindl@thelounge.net<mailto:
> h.reindl@thelounge.net>> wrote:
> >
> >
> >
> >     Am 26.11.2013 04:10, schrieb Karthick S:
> >     > I am new to this SSL concept. You said that "If it's terminating
> them, then yes, otherwise no". Which means
> >     if the
> >     > Client/Traffic Server SSL termination enabled only then the https
> response will be cache or not? Can you please
> >
> >     "terminating" means endpoint
> >
> >     origin -> ATS -> unencrypted
> >     ATS -> client -> encrypted
> >
> >     ATS has the certificates and does the encryption itself
> >     otherwise *it can't* cache because it does not see content and
> headers by nature of encryption
>
>

Re: Can ATS cache https requests?

Posted by Reindl Harald <h....@thelounge.net>.

Am 26.11.2013 04:36, schrieb Karthick S:
> My use case is "Orgin Server <-> ATS (encrypted), and ATS <->Client (unencrypted)". I wanted to configure ATS for
> this use case. Will this keep the https response in cache?

besides SSL between the servers and no encryption to the client makes pretty
no sense at all *no it will not* because it is the other way around

http://en.wikipedia.org/wiki/SSL_termination_proxy

> On Tue, Nov 26, 2013 at 9:01 AM, Reindl Harald <h.reindl@thelounge.net <ma...@thelounge.net>> wrote:
> 
> 
> 
>     Am 26.11.2013 04:10, schrieb Karthick S:
>     > I am new to this SSL concept. You said that "If it's terminating them, then yes, otherwise no". Which means
>     if the
>     > Client/Traffic Server SSL termination enabled only then the https response will be cache or not? Can you please
> 
>     "terminating" means endpoint
> 
>     origin -> ATS -> unencrypted
>     ATS -> client -> encrypted
> 
>     ATS has the certificates and does the encryption itself
>     otherwise *it can't* cache because it does not see content and headers by nature of encryption

Re: Can ATS cache https requests?

Posted by Karthick S <ka...@gmail.com>.

Hi Reindl Harald,

My use case is "Orgin Server <-> ATS (encrypted), and ATS <->Client
(unencrypted)". I wanted to configure ATS for this use case. Will this keep
the https response in cache?

Regards,
karthick

On Tue, Nov 26, 2013 at 9:01 AM, Reindl Harald <h....@thelounge.net>wrote:

>
>
> Am 26.11.2013 04:10, schrieb Karthick S:
> > I am new to this SSL concept. You said that "If it's terminating them,
> then yes, otherwise no". Which means if the
> > Client/Traffic Server SSL termination enabled only then the https
> response will be cache or not? Can you please
>
> "terminating" means endpoint
>
> origin -> ATS -> unencrypted
> ATS -> client -> encrypted
>
> ATS has the certificates and does the encryption itself
> otherwise *it can't* cache because it does not see content and headers by
> nature of encryption
>
>
>

Re: Can ATS cache https requests?

Posted by Reindl Harald <h....@thelounge.net>.


Am 26.11.2013 04:10, schrieb Karthick S:
> I am new to this SSL concept. You said that "If it's terminating them, then yes, otherwise no". Which means if the
> Client/Traffic Server SSL termination enabled only then the https response will be cache or not? Can you please

"terminating" means endpoint

origin -> ATS -> unencrypted
ATS -> client -> encrypted

ATS has the certificates and does the encryption itself
otherwise *it can't* cache because it does not see content and headers by nature of encryption

Re: Can ATS cache https requests?

Posted by Karthick S <ka...@gmail.com>.

Hi Igor,
I am new to this SSL concept. You said that "If it's terminating them, then
yes, otherwise no". Which means if the Client/Traffic Server SSL
termination enabled only then the https response will be cache or not? Can
you please elaborate it?

Regards,
karthick

On Mon, Nov 25, 2013 at 2:21 PM, Igor GaliÄ <i....@brainsware.org> wrote:

>
>
> ------------------------------
>
> Hi All,
>
> Can ATS cache https requests?
>
> if it's terminating them, then yes, otherwise, no.
>
> (You'd have to set-up a transparent proxy and dynamically sign
> certificates for each site your client machines are accessing. We haven't
> automated that yet ;)
>
> Regards,
> Karthick
>
> ++ i
> Igor GaliÄ
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.galic@brainsware.org
> URL: http://brainsware.org/
> GPG: 8716 7A9F 989B ABD5 100F  4008 F266 55D6 2998 1641
>
>

Re: Can ATS cache https requests?

Posted by Igor Galić <i....@brainsware.org>.

----- Original Message -----

> Hi All,

> Can ATS cache https requests?

if it's terminating them, then yes, otherwise, no. 

(You'd have to set-up a transparent proxy and dynamically sign certificates for each site your client machines are accessing. We haven't automated that yet ;) 

> Regards,
> Karthick

++ i 
Igor Galić 

Tel: +43 (0) 664 886 22 883 
Mail: i.galic@brainsware.org 
URL: http://brainsware.org/ 
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641

Re: Can ATS cache https requests?

Posted by Igor Galić <i....@brainsware.org>.

----- Original Message -----

> Hi All,

> Can ATS cache https requests?

if it's terminating them, then yes, otherwise, no. 

(You'd have to set-up a transparent proxy and dynamically sign certificates for each site your client machines are accessing. We haven't automated that yet ;) 

> Regards,
> Karthick

++ i 
Igor Galić 

Tel: +43 (0) 664 886 22 883 
Mail: i.galic@brainsware.org 
URL: http://brainsware.org/ 
GPG: 8716 7A9F 989B ABD5 100F 4008 F266 55D6 2998 1641