Re: [squid-users] Squid - impact of TLS/SSL vulnerability?

From: Kinkie <gkinkie_at_gmail.com>
Date: Wed, 18 Nov 2009 23:03:50 +0100

On Wed, Nov 18, 2009 at 10:25 PM, The Psycho Chicken
<psychochicken_at_restlesschickens.com> wrote:
> Hi,
>
> Has anyone looked at the impact of the recent TLS/SSL vulnerability
> (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) on Squid? If
> you're using Squid as a HTTPS reverse proxy then it has SSL exposed to the
> Internet.
>
> I haven't noticed anything in the mailing lists.

Squid is as vulnerable as any other product based on SSL.
Unfortunately there's not much we developers can do. The burden falls
on the (open)ssl library implementors, and all we can do is wait.
Some OS vendors have already started shipping an updated ssl library
which somehow plugs the hole. After that (dynamic) library has been
installed on the host OS, Squid (after a restart at most) is
immediately protected from the flaw.

-- 
    /kinkie
Received on Wed Nov 18 2009 - 22:04:00 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 19 2009 - 12:00:04 MST