Project

General

Profile

Bug #10146

squid4 obsolete options

Added by Viktor Gurov 6 months ago. Updated about 1 month ago.

Status:
Resolved
Priority:
Normal
Category:
Squid
Target version:
-
Start date:
01/02/2020
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.4.5
Affected Architecture:

Description

got in squid logs on pfSense 2.4.5:

ERROR: Directive 'sslproxy_cipher' is obsolete.
ERROR: Directive 'sslproxy_options' is obsolete.
ERROR: Directive 'sslproxy_capath' is obsolete.

sslproxy_cipher should be replaced with tls_outgoing_options cipher=

sslproxy_options with tls_outgoing_options options=

sslproxy_capath with tls_outgoing_options capath=

Need to check all new/removed/replaced options in Squid 4:
http://www.squid-cache.org/Versions/v4/RELEASENOTES.html#s3

History

#1 Updated by Viktor Gurov 6 months ago

updated options:
sslproxy_capath - Replaced by tls_outgoing_options capath=.
sslproxy_cipher - Replaced by tls_outgoing_options cipher=.
sslproxy_flags - Replaced by tls_outgoing_options flags=.
sslproxy_options - Replaced by tls_outgoing_options options=.

cache_peer
Replaced option ssl with tls. Use of any tls- prefixed options implies tls is enabled.

update in previous PR:
https://github.com/pfsense/FreeBSD-ports/pull/740

#2 Updated by Jim Pingle 6 months ago

  • Status changed from New to Pull Request Review

#3 Updated by Jim Pingle 6 months ago

  • Status changed from Pull Request Review to Feedback

This was merged a few days ago

#4 Updated by Viktor Gurov 6 months ago

  • Status changed from Feedback to Resolved

tested on 2.5.0.a.20200110.1822 with squid-0.4.44_13

works as expected

#5 Updated by Viktor Gurov about 1 month ago

https://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Troubleshooting:
NO_SSLv2 is relevant only for Squid-3.x. SSLv2 support has been completely removed from Squid-4

fix:
https://github.com/pfsense/FreeBSD-ports/pull/868

#6 Updated by Jim Pingle about 1 month ago

  • Status changed from Resolved to Pull Request Review
  • Target version deleted (2.4.5)

#7 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#8 Updated by Viktor Gurov about 1 month ago

  • Status changed from Feedback to Resolved

OK - no NO_SSLv2 option in squid pkg 0.4.44_26

Also available in: Atom PDF