The Squid HTTP Proxy team is very pleased to announce the availability
of the Squid-4.0.24 release!
This release is a bug fix release resolving several issues found in the
prior Squid releases.

The major changes to be aware of:

* GnuTLS support for https_port

When built with GnuTLS instead of OpenSSL this Squid is now able to open
listening ports and receive HTTPS traffic in explicit proxy or reverse
proxy modes. SSL-Bump and intercept proxy are not yet supported.
With GnuTLS comes the ability to configure multiple static (or wildcard)
certificates for a single https_port. This ability is sadly not shared

WARNING: A regression in handling of the cafile= option has been found
in this release. It may be resolved by combining the CA chain into the
PEM file configured with cert=.

With the new multi-cert support, combining the certificate and its CA
chain in one PEM file becomes the new Best Practice configuration to
ensure the CA chain is associated only with the relevant certificate(s).
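
One way to build the combined PEM file described above, as an added example that is not part of the original announcement or of Squid's own code. The function names and the synthetic fake_cert helper are assumptions made for illustration; the check matches issuer and subject names only and does not verify signatures.

```python
import re
import ssl

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:              # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(pem):
    """Return the raw DER (issuer, subject) Names of one PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    _, pos, stop = tlv(der, tlv(der, 0)[1])   # Certificate -> tbsCertificate
    fields = []
    while pos < stop:
        tag, _, end = tlv(der, pos)
        if tag != 0xA0:            # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]    # serial, sigAlg, ISSUER, validity, SUBJECT

def combine(cert_pem, chain_pem):
    """Leaf certificate first, then only the CAs that issued it, in order."""
    leaf = PEM_RE.findall(cert_pem)
    if len(leaf) != 1:
        raise ValueError("cert file must hold exactly one certificate")
    pool = {}                      # subject Name -> (PEM, issuer Name)
    for pem in PEM_RE.findall(chain_pem):
        issuer, subject = names(pem)
        pool[subject] = (pem, issuer)
    ordered, want = leaf[:], names(leaf[0])[0]
    while want in pool:            # follow issuer -> subject links upwards
        pem, want = pool.pop(want)
        ordered.append(pem)
    if pool:
        raise ValueError("%d CA certificate(s) outside this chain" % len(pool))
    return "\n".join(ordered) + "\n"

def fake_cert(subject, issuer):
    """Constructed, unsigned sample holding only the fields names() reads."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body
    name = lambda cn: enc(0x30, enc(0x0C, cn.encode()))
    tbs = enc(0xA0, b"\x02\x01\x02") + enc(0x02, b"\x01") + enc(0x30, b"")
    tbs += name(issuer) + enc(0x30, b"") + name(subject)
    return ssl.DER_cert_to_PEM_cert(enc(0x30, enc(0x30, tbs)))
```

With real files, `combine(open("cert.pem").read(), open("chain.pem").read())` returns the text to write to the file named in cert=. Only CERTIFICATE blocks are copied, so a private key block in either input is left out.
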

* Fix SSL-Bump with an authentication type other than the Basic

This improves Squid's behaviour when handling SSL-Bump'ed CONNECT
messages where the original CONNECT contained authentication credentials.

Earlier releases would unconditionally treat all such bumped traffic as
successfully authenticated. When a configuration used proxy_auth ACLs to
check access on a per-user basis, or for methods other than the Basic
scheme, that could incorrectly allow access to resources intended to be
hidden from some users.

This release now processes the proxy_auth ACL checks normally, but with
the CONNECT credentials so allow/deny can work as intended. ACL results
requiring re-authentication should act as an ACL non-match instead of
generating a re-authenticate challenge.

* Improved compiler support

This release fixes a number of compile errors seen with GCC-7 and
Clang-3.9 versions across several operating systems.
There are still a number of outstanding issues when building with the
latest GCC-8 versions. Fixes for those are expected to be in the next

All users of Squid-4.x are urged to upgrade to this release as
soon as possible.

All users of Squid-3 are encouraged to test this release out and plan
for upgrades where possible.

See the ChangeLog for the full list of changes in this and earlier