[squid-users] How to setup a secure(!) squid proxy

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 23 09:47:49 UTC 2016


On 23/01/2016 12:50 a.m., startrekfan wrote:
> Talked to the debian guys again. There seems to be a problem with the
> complete release system.
> 
> They apply security patches for the stable squid 3.4.8 in debian jessie.
> But not for the ssl part of squid because it's disabled by default. So when
> I enable ssl I have to take care of everything by myself.
> 
> So the only thing that I can do is compiling an "unstable" squid 3.5 by
> myself. But this has several disadvantages: No auto-update, problems with
> the dependencies (This can get serious, if squid changes common
> dependencies), unstable software in a stable environment (Squid _could_ run
> unstable)

By enabling OpenSSL support you are already changing the dependencies.
This is why using the packaging system to build the altered squid
package is recommended in the first place. It will take care of the
dependency linkages when done that way, as well as the package version
upgrades later.


> 
> Is there any chance that squid modifies its license so that it's compatible
> with openssl? The current situation makes the administration more
> complicated than it's necessary for everyone.

No it is not possible. All contributors to Squid need to give their
permission for the change. Many contributors to Squid are not able to be
contacted any longer. Therefore the license is fixed as GPL until such
time as we can replace the code with unknown authors.


Perhaps you would like to support my work adding GnuTLS support
instead? It's not going to happen quickly, but every bit helps.

Amos


