This bug shows up as SSL-Bumped connections being stuck in various TCP
open or half-open states and not closing until the TCP timeouts are reached.
Note, there are still other issues leading to the same behaviour and not
necessarily SSL-Bump related. This release works around the most common
issues affecting recent Squid-3 releases, but some remain and a better
long-term solution will be implemented later.
* Native FTP relay: NAT and TPROXY interception fixes
FTP Native relay is now able to cope with active-mode FTP DATA
connections when intercepting FTP traffic. Previously Squid would use
incorrect IP:port details which would not work with many clients.
* Bump SSL client on [more] errors encountered before ssl_bump evaluation
This bug shows up as error responses for issues encountered early in the
TLS/SSL handling being sent to clients unencrypted when Squid should
have bumped and delivered them encrypted.
All users of Squid-3 with SSL-Bump functionallity are encouraged to
upgrade to this release as soon as possible.
All other users of Squid-3 are encouraged to upgrade to this release as
See the ChangeLog for the full list of changes in this and earlier