What effect does HTTPS traffic have on web cache proxy servers?

Solution 1:

Yes, HTTPS will put a damper on network caching.

Specifically because caching HTTPS requires doing a man-in-the-middle type attack - replacing the SSL certificate with that of the cache server. That certificate will have to be generated on the fly and signed by a local authority.

In a corporate environment you can make all PCs trust your cache server certificates. But other machines will give certificate errors - which they should. A malicious cache could modify the pages easily.

I suspect that sites that use large amounts of bandwidth like video streaming will still send content over regular HTTP specifically so it can be cached. But for many sites better security outweighs the increase in bandwidth.

Solution 2:

Even though HTTPS traffic cannot be proxied in a strict sense ('cause, otherwise, the proxy software would act as a "man in the middle", which is exactly one of the things SSL was developed to avoid), it's important to remark that common software proxies (like SQUID) can correctly handle HTTPS connections.

This is possible thanks to the HTTP CONNECT method, which SQUID correctly implements. In other words, for any HTTPS request that the proxy receives, it simply "relays" it, without any intervention on the encapsulated, encrypted traffic.

Even if at first this sounds useless, it allows you to have local clients/browsers configured to point to a proxy and, at the same time, cut any form of Internet connectivity.

So, back to your original question: "will HTTPS traffic eventually make web cache proxy servers obsolete?", my answer is:

  • YES: if you rely on a web proxy only in terms of caching;
  • NO: if you rely on a web proxy for things other than caching (e.g.: user authentication; URL-logging; etc.).

P.S.: a similar/major problem with HTTPS relates to name-based virtual-host multihoming, which is common in web-hosting solutions but... gets complex when dealing with HTTPS sites (I'm not discussing it in detail, 'cause it's not strictly related to this question).
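
The CONNECT relaying described in Solution 2, as an added example that is not part of either answer and is not Squid's code: the proxy reads one request line, learns only the destination host and port, and then copies bytes it never interprets, so it has nothing to cache but can still log where clients connect. The function names (`parse_connect`, `pipe`, `handle`, `serve`) and the loopback bind address are assumptions made for this sketch.

```python
import socket
import threading

def parse_connect(head: bytes):
    """Return (host, port) from 'CONNECT host:port HTTP/1.1', else None."""
    parts = head.split(b"\r\n", 1)[0].decode("ascii", "replace").split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return None
    host, _, port = parts[1].rpartition(":")
    return (host.strip("[]"), int(port)) if host and port.isdigit() else None

def pipe(src, dst):
    """Copy bytes one way until EOF; the payload is never interpreted."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, log):
    """Accept one CONNECT request, record its target, then relay blindly."""
    head = b""
    while b"\r\n\r\n" not in head and (data := client.recv(4096)):
        head += data
    head, sep, early = head.partition(b"\r\n\r\n")
    target = parse_connect(head) if sep else None
    if target is None:  # this sketch tunnels only; it serves no plain HTTP
        client.sendall(b"HTTP/1.1 405 Method Not Allowed\r\n\r\n")
        return client.close()
    log.append("%s:%d" % target)  # all the proxy can record: host and port
    try:
        upstream = socket.create_connection(target)
    except OSError:
        client.sendall(b"HTTP/1.1 502 Bad Gateway\r\n\r\n")
        return client.close()
    client.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    upstream.sendall(early)  # bytes the client sent ahead of the 200, if any
    threading.Thread(target=pipe, args=(upstream, client), daemon=True).start()
    pipe(client, upstream)

def serve(log, host="127.0.0.1"):
    """Start the relay on a free port in a background thread; return the port."""
    srv = socket.create_server((host, 0))
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, log), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]
```

The `log` list ends up holding only `host:port` strings, which is the extent of the URL-logging a non-intercepting proxy can do for HTTPS.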