[squid-users] Fast SNI: (Also) on 3.5.x ?

Alex Rousskov rousskov at measurement-factory.com
Tue Jul 19 17:20:16 UTC 2016


On 07/19/2016 09:36 AM, Amos Jeffries wrote:
> On 20/07/2016 2:20 a.m., reinerotto wrote:
>> The patch for "Fast SNI" is included in 4.x, as I have seen. Any plans to
>> implement same patch i 3.5.x ?

> Not at this point, and not likely. It is almost a complete re-write of
> the TLS I/O processing, so would be quite a big de-stabilizing change
> for 3.5.

Agreed. Technically, the so called "stable" TLS I/O processing in v3 is
essentially one huge bug attracting CVEs better than a lure module
attracts Pokemons. Somebody might fix that bug by porting v4 code.
However, they would be better off spending that energy on v4 instead!

Alex.



More information about the squid-users mailing list