[squid-users] squid sslbump server-first local loops?

From: Amm <ammdispose-squid_at_yahoo.com>
Date: Sat, 12 Apr 2014 10:53:06 +0530

Hello,

I accidentally came across this. I was trying to test what TLS version
my squid reports.

So I ran this command:
openssl s_client -connect 192.168.1.2:8081

where 8081 is the https_port on which squid runs (with sslbump).

And BOOM, squid went into an infinite loop! And started running out of
file descriptors.

It continued the loop even after I ctrl-c'ed the openssl.

I suppose this happens due to server-first in sslbump, where squid keeps
trying to connect to itself in an infinite loop.

Port 8081 is NOT listed in Safe_ports. So shouldn't squid be blocking it
before trying server-first?

Or shouldn't squid check something like this?

If (destIP == selfIP and destPort == selfPort) then break?

I am also not sure if this can be used to DoS. So just reporting.

Amm.
Received on Sat Apr 12 2014 - 05:23:16 MDT
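
The self-connection check proposed in the message above, generalized to wildcard binds and IPv4-mapped IPv6 addresses, as an added example that is not part of the original post and is not Squid's own code. The Endpoint type, the function names, the 0.0.0.0:3128 listener and the local address list are assumptions for illustration; 192.168.1.2:8081 is the listener from the post.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical type for illustration; not one of Squid's internal classes.
struct Endpoint { in6_addr addr; uint16_t port; };

// Store every address as 128 bits (IPv4 as IPv4-mapped IPv6) so that
// 192.168.1.2 and ::ffff:192.168.1.2 compare equal.
bool parseEndpoint(const char *ip, uint16_t port, Endpoint &out) {
    out.port = port;
    in_addr v4;
    if (inet_pton(AF_INET, ip, &v4) == 1) {
        std::memset(&out.addr, 0, sizeof(out.addr));
        out.addr.s6_addr[10] = out.addr.s6_addr[11] = 0xff;
        std::memcpy(&out.addr.s6_addr[12], &v4, sizeof(v4));
        return true;
    }
    return inet_pton(AF_INET6, ip, &out.addr) == 1;
}

static bool sameAddr(const Endpoint &a, const Endpoint &b) {
    return std::memcmp(&a.addr, &b.addr, sizeof(in6_addr)) == 0;
}

// True when dest is one of our own listeners; a wildcard bind matches any local address.
bool wouldLoop(const Endpoint &dest, const std::vector<Endpoint> &listeners,
               const std::vector<Endpoint> &localAddrs) {
    Endpoint any4, any6;
    parseEndpoint("0.0.0.0", 0, any4); parseEndpoint("::", 0, any6);
    for (const Endpoint &l : listeners) {
        if (l.port != dest.port) continue;           // different port: cannot be this listener
        if (sameAddr(l, dest)) return true;          // exact destIP == selfIP, destPort == selfPort
        if (!sameAddr(l, any4) && !sameAddr(l, any6)) continue;
        for (const Endpoint &a : localAddrs)         // wildcard listener: any local IP loops
            if (sameAddr(a, dest)) return true;
    }
    return false;
}

// Constructed sample configuration: the post's listener plus an assumed wildcard one.
bool demoWouldLoop(const char *ip, uint16_t port) {
    Endpoint l1, l2, a1, a2, dest;
    parseEndpoint("192.168.1.2", 8081, l1); parseEndpoint("0.0.0.0", 3128, l2);
    parseEndpoint("192.168.1.2", 0, a1);    parseEndpoint("127.0.0.1", 0, a2);
    return parseEndpoint(ip, port, dest) && wouldLoop(dest, {l1, l2}, {a1, a2});
}
```

A proxy would run such a check on the original destination of an intercepted connection before opening the outbound connection, and refuse the request when it returns true.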
