Does GREASE bug affect squid 4.10 too?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Does GREASE bug affect squid 4.10 too?

Amish
Hello,

Recently there has been reports of GREASE bug wrt Google chrome and Squid.

I was under belief that it did not affect squid version 4.10 or below.
(I am using squid 4.10 on server - OS is Arch Linux.)

But today since morning users have been complaining about sites not
opening. The server is heavily loaded so it is not easy for me to debug
as there is continuous stream of logs. Plus its work from home which
slows things down for me.

After spending lots of time in finding the issue, I disabled SSL bump
for all sites (added .* to acl file to not monitor any site)

And sites started working again.

I believe this issue was specific to those who used Google chrome but I
am not 100% sure.

So can someone please confirm if bug can affect squid version 4.10 or
not? And if I upgrade to squid 4.13 will it definitely solve the GREASE
issue.

Or can it be that Google chrome has again come up with something new
which is breaking SSL again?

Thank you in advance,

Amish.

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Does GREASE bug affect squid 4.10 too?

Amos Jeffries
Administrator
On 1/09/20 1:18 am, Amish wrote:
> Hello,
>
> Recently there has been reports of GREASE bug wrt Google chrome and Squid.
>
...>
> So can someone please confirm if bug can affect squid version 4.10 or
> not? And if I upgrade to squid 4.13 will it definitely solve the GREASE
> issue.

4.13 will definitely solve the GREASE issue. I cannot confirm whether
that is affecting 4.10 or older since those versions pass the values to
libssl for interpretation - which may or may not have handled GREASE.

You need to upgrade regardless of whether this solves the issue. The CVE
issues fixed in that release are critical.

If the issues continue or you discover anything more specific about it
please let us know. :)


>
> Or can it be that Google chrome has again come up with something new
> which is breaking SSL again?
>

That is entirely possible as well.

HTH
Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Does GREASE bug affect squid 4.10 too?

Amish

On 31/08/20 7:05 pm, Amos Jeffries wrote:

> On 1/09/20 1:18 am, Amish wrote:
>> Hello,
>>
>> Recently there has been reports of GREASE bug wrt Google chrome and Squid.
>>
> ...>
>> So can someone please confirm if bug can affect squid version 4.10 or
>> not? And if I upgrade to squid 4.13 will it definitely solve the GREASE
>> issue.
> 4.13 will definitely solve the GREASE issue. I cannot confirm whether
> that is affecting 4.10 or older since those versions pass the values to
> libssl for interpretation - which may or may not have handled GREASE.
>
> You need to upgrade regardless of whether this solves the issue. The CVE
> issues fixed in that release are critical.
>
> If the issues continue or you discover anything more specific about it
> please let us know. :)

Thank you very much for a super quick reply. I will definitely update to
4.13 tomorrow and report back if there is any issue (I hope there is
none. Do not want one more restless day!! Phew!)

You (Amos) and Alex always amaze me on how you manage replying to
queries on the list and also do coding with good documentation too. At
the same time appreciate other developers too.

Thank you again and best regards,

Amish

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users