[squid-users] How to setup a secure(!) squid proxy

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 23 11:24:32 UTC 2016


On 24/01/2016 12:07 a.m., Matus UHLAR - fantomas wrote:
> On 22.01.16 15:15, startrekfan wrote:
>> The dependencies has changed: https://packages.debian.org/sid/squid (not
>> sure why there is also a https://packages.debian.org/sid/squid3 entry)
> 
> because back in wheezy squid was version 2 and when you wanted version 3,
> you've had to install "squid3" package. in jessie, there's only squid3, so
> anyone with squid (2) will be aware with this change.
> 

... and in stretch the mainstream 'squid' package is version 3. The
'squid3' package is a dummy package that auto-upgrades old installs to
the new 'squid' package.


>> Thats excactly the problem with unstable sources. squid3 3.5 requires
>> libecap3 instead of libecap2 (squid3 version 3.4). I can't install
>> libecap3
>> because it has further dependencies.
>> I also can't even compile libecap3 without installing n more
>> dependencies.
> 
> you can manually change dependencies in debian control file, unless the
> dependency is in the code (not sure, someone of squid should know...).
> you can still compile squid without ecap.

You need to also update the ./configure options in the debian/rules file
so the build does not abort.


> 
>> So I have to use squid 3.4 with the unsafe sha1 furthermore.
> 
> you can wait until someone backports squid 3.5 to jessie.
> or, sha256 support to squid 3.4 (both may happen)

There is nothing to port AFAIK. Squid does not have support for any
particular SHA algorithm in itself. That (like the cipher list) is
either supported or not by the OpenSSL library.

Amos



More information about the squid-users mailing list