What effect does HTTPS traffic have on web cache proxy servers?

I just took two university courses on computer security and internet programming. I was thinking about this the other day:

Web cache proxy servers cache popular content from servers on the web. This is useful, for example, if your company has a 1 Gbps network connection internally (including a web cache proxy server), but only a 100 Mbps connection to the internet. The web cache proxy server can serve cached content much more quickly to other computers on the local network.

Now consider TLS-encrypted connections. Can encrypted content be cached in any useful way? There's a great initiative from letsencrypt.org aiming to make all internet traffic encrypted over SSL by default. They are doing this by making it really easy, automated, and free to obtain SSL certificates for your site (starting summer 2015). Considering current yearly costs for SSL certs, FREE is really attractive.

My question is: will HTTPS traffic eventually make web cache proxy servers obsolete? If so, what toll will this take on the load of global internet traffic?


Solution 1:

Yes, HTTPS will put a damper on network caching.

This is specifically because caching HTTPS requires doing a man-in-the-middle type attack - replacing the SSL certificate with that of the cache server. That certificate will have to be generated on the fly and signed by a local authority.

In a corporate environment you can make all PCs trust your cache server certificates. But other machines will give certificate errors - which they should. A malicious cache could modify the pages easily.

I suspect that sites that use large amounts of bandwidth like video streaming will still send content over regular HTTP specifically so it can be cached. But for many sites better security outweighs the increase in bandwidth.

Solution 2:

Even though HTTPS traffic cannot be proxied in a strict sense ('cause otherwise the proxy software would act as a "man in the middle", which is exactly one of the things SSL was developed to avoid), it's important to remark that common software proxies (like SQUID) can correctly handle HTTPS connections.

This is possible thanks to the HTTP CONNECT method, which SQUID correctly implements. In other words, for any HTTPS request that the proxy receives, it simply "relays" it, without any intervention in the encapsulated, encrypted traffic.

Even if at first this sounds useless, it allows you to have local clients/browsers configured to point to a proxy and, at the same time, cut any form of Internet connectivity.

So, back to your original question: "will HTTPS traffic eventually make web cache proxy servers obsolete?", my answer is:

  • YES: if you rely on a web proxy only in terms of caching;
  • NO: if you rely on a web proxy for things other than caching (e.g.: user authentication; URL-logging; etc.).

P.S.: a similar/major problem with HTTPS relates to name-based virtual-host multihoming, which is common in web-hosting solutions but ... gets complex when dealing with HTTPS sites (I'm not discussing it in detail, 'cause it's not strictly related to this question).
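
As an added example (not part of either answer), the Python below shows what a relaying proxy can read from a CONNECT request, namely the target host and port plus the proxy headers, and how it can still authenticate, log and apply policy before tunnelling. `ALLOWED_PORTS`, `USERS`, `parse_connect`, `decide` and the sample request are constructed for illustration and are not Squid's code or configuration.

```python
import base64, hmac

ALLOWED_PORTS = {443}          # assumed policy: tunnel only to the HTTPS port
USERS = {"alice": "secret"}    # constructed sample credential store

def parse_connect(head: bytes):
    """Parse the cleartext head of a CONNECT request: (host, port, user, password)."""
    lines = head.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("CONNECT target must be host:port")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    user = password = None
    auth = headers.get("proxy-authorization", "")
    if auth.lower().startswith("basic "):
        try:
            creds = base64.b64decode(auth[6:], validate=True).decode()
            user, _, password = creds.partition(":")
        except ValueError:  # bad base64 or bad UTF-8: treat as unauthenticated
            pass
    return host.strip("[]"), int(port), user, password

def decide(head: bytes):
    """Return (response, log_record); the record is all the proxy can log."""
    try:
        host, port, user, password = parse_connect(head)
    except ValueError:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n", None
    known = USERS.get(user or "")
    ok = known is not None and hmac.compare_digest(known.encode(), (password or "").encode())
    record = {"user": user if ok else None, "host": host, "port": port}  # no path, no body
    if not ok:
        return (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
                b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n'), record
    if port not in ALLOWED_PORTS:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n", record
    # After this 200 the proxy only copies opaque TLS bytes, so nothing is cacheable.
    return b"HTTP/1.1 200 Connection established\r\n\r\n", record

# Constructed sample request, as a browser configured to use the proxy would send it.
SAMPLE = (b"CONNECT example.com:443 HTTP/1.1\r\nHost: example.com:443\r\n"
          b"Proxy-Authorization: Basic " + base64.b64encode(b"alice:secret") + b"\r\n\r\n")
if __name__ == "__main__": print(decide(SAMPLE))
```

The log record holds a user, a host and a port only: the URL path, headers and body of the HTTPS request travel inside the tunnel and never reach this code.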