[squid-users] Need help debugging my squid configuration

Amos Jeffries squid3 at treenet.co.nz
Sat May 16 00:28:14 UTC 2015


On 16/05/2015 2:33 a.m., Jose Torres-Berrocal wrote:
> I willl try to find help on Ubuntu Forums how to compile it.
> 

I linked to the Ubuntu instructions page in my last email.

"
  <http://wiki.squid-cache.org/KnowledgeBase/Ubuntu>
 to compile and install a new Squid binary. Like this command line:
   ./configure (the options needed) && make install
"

The section "compiling" on that page lists the mandatory ./configure
options required for system integration on Debian/Ubuntu systems.

The output of "squid -v" (or "squid3 -v" if its that old) command will
tell you what else the distributor built with. It is up to you which of
those others you choose to use for your own custom build.


> But I really would like to solve my squid 3.3.8 problem.  For which I
> started this thread.
> It may be bugy on SSL_BUMP but should work must of the time. It
> compiles in Ubuntu as they do have an Ubuntu source for 3.3.8 version.

I can tell you right now that even if you get all this going 3.3 will
still not be able to bump the traffic from many major websites when the
browser is Chrome or Firefox.

TLS was designed to be an unbreakable protection - when properly used it
is. They only reason it can be broken at all today is bad
implementations by browsers/clients and servers. As the flaws get fixed
(and they are slowly) bumping ceases to work. The attacking technique(s)
coded into 3.3 have already been defended against by those browsers and
the major popular websites.


> 
> I need to find why is starting and terminated to fix the problem.  If
> I succesfully compile 3.5.4 but the problem affects 3.5.4 also, then I
> have accomplish nothing.

You will have accomplished proof that the bug still exists and we have a
reason to help you fix it. We will then fix it *in the current code*.

 - the SSL related code has had 3 major re-writes and several major
feature alterations since 3.3, and

 - many people actively use the code between 3.3.8 and 3.5.4 without
seeing this same problem.

So chances of the same bug existing in the SSL logics is quite small.
Though you may hit other bugs.


If you fix it yourself, the version number must change and suddenly you
have a different packege - the distro one is still broken. You might as
well just use the already fixed latest sources, and have the support
that comes with doing so.

Amos



More information about the squid-users mailing list