Hey,
indeed. Luckily we are not users of this SSL bump nightmare.
Best, -Michael
On 4 Jan 2019, at 18:02, Matthias Fischer matthias.fischer@ipfire.org wrote:
Hi,
On 02.01.2019 20:11, Michael Tremer wrote:
...
Why do they compare everything to squid 3.5 then?
No idea. Perhaps to make upgrading easier for people running (huge/complex) 3.x-installations? They even still list "missing squid.conf options available in Squid-2.7"! ;-)
...3.x will not be continued, see:
https://wiki.squid-cache.org/RoadMap/Squid3
"We are no longer releasing new Squid series with 3.x numbers.”
No, it is indeed time to migrate! ...
Just for completeness - excerpts from the official announcement which came today: ;-)
***SNIP*** The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-4.5 release!
This release is a security and bug fix release resolving several issues found in the prior Squid releases.
The major changes to be aware of:
- Bug 4253: ssl_bump prevents access to some web contents
...
- Redesign forward_max_tries to count TCP connection attempts
...
- Fix client_connection_mark ACL handling of clientless transactions
...
- Multiple NetDB behaviour updates
...
- The logformat code %>handshake is added
...
- Use pkg-config for detecting libxml2
...
All users of Squid-4 with SSL-Bump functionality are urged to upgrade as soon as possible.
All other users of Squid-4 are encouraged to upgrade as time permits.
All users of Squid-3 are encouraged to upgrade where possible. ***SNAP***
The last sentence says it all...
Best, Matthias