The bug 895993 *has not been fixed*. Please reopen, as the listed fix has nothing to do with the problem described.

---

While it is true that upstream has added GnuTLS support to https_port that has nothing to do with the bug I reported. SSL is still not available on client connections because *it is disabled by you during builds*. This makes forward proxies incrediby insecure and reverse proxies almost completely unsusable. Currently any Debian packeged Squid can only be deployed securely by modifying source packages because https_port is not available.

1) The Debian package is compiled without ssl or tls support (configure options to enable SSL are not included and squid's default is to disable SSL) and therefor either https support added by upstream is disabled during package builds.

2) SSL support has always been in the source code (TLS has just been added additionally) but it could never be used in Debian without modifying the source packages. Neither can TLS because that is also disabled by default and needs to be activated during build.

3) Please add the appropriate configure options and package dependencies
* configure options should be extended by --enable-ssl --with-open-ssl="/etc/ssl/openssl.cnf"
* dependencies should be extended by libssl

Reply via email to