The Squid HTTP Proxy team is very pleased to announce the availability of the Squid-3.5.13 release!

This release is a bug fix release resolving issues found in the prior Squid releases and hardening security.

Please note the TLS feature backport is an exceptional situation. The Squid Project policy is (and remains) not to backport feature changes affecting squid.conf within a stable/production release.

The major changes to be aware of:

* Support Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange

  The Squid-4 functionality supporting Elliptic Curve cryptography has been backported to this release to better suit community needs.

* Complete certificate chains using external intermediate certificates

  Many origin servers do not send complete certificate chains. Many browsers use certificate extensions in the server certificate to download the missing intermediate certificates automatically from the Internet. Squid-3 does not do that.

  This backported Squid-4 feature allows an admin to supply a file with intermediate certificates that Squid may use to complete certificate chains. These intermediate certificates are _not_ treated as trusted root certificates.

* SSL-Bump: Avoid memory overuse with X.509 certificate validator

  SSL-Bump TLS contexts are created dynamically and potentially in large numbers. When certificate validator was used the validator response was causing the context to be leaked.

  Note: There are other known (and some unknown) memory issues related to certificate validation which remain to be solved.

* Fix connection retry and fallback after failed server TLS connections

  Previous Squid-3.4 and 3.5 releases would attempt only one server connection when forwarding a bumped https:// and if that failed would produce an error. This release will now retry with other servers as done with http:// requests.

All users of Squid are urged to upgrade to this release as soon as possible.

See the ChangeLog for the full list of changes in this and earlier releases.

Please refer to the release notes at
http://www.squid-cache.org/Versions/v3/3.5/RELEASENOTES.html
when you are ready to make the switch to Squid-3.5

Upgrade tip:
  "squid -k parse" is starting to display even more useful hints about squid.conf changes.

This new release can be downloaded from our HTTP or FTP servers

  http://www.squid-cache.org/Versions/v3/3.5/
  ftp://ftp.squid-cache.org/pub/squid/
  ftp://ftp.squid-cache.org/pub/archive/3.5/

or the mirrors. For a list of mirror sites see

  http://www.squid-cache.org/Download/http-mirrors.html
  http://www.squid-cache.org/Download/mirrors.html

If you encounter any issues with this release please file a bug report.
  http://bugs.squid-cache.org/

Amos Jeffries
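The chain-completion behaviour described above, illustrated with the openssl command line as an added example (not part of the announcement and not Squid's code): intermediates supplied on the side let a leaf-only chain validate, but only when a trusted root still anchors it. The demo PKI, subject names and helper function names are constructed for the example.

```sh
#!/bin/sh
# Constructed demo PKI (all names invented for this example):
#   Demo Root -> Demo Intermediate -> origin.example, plus an unrelated Other Root.
# Requires the openssl CLI.

# issue NAME SUBJECT SIGNER EXTFILE: create NAME.key and NAME.pem; self-signed if SIGNER is ""
issue() {
    name=$1; subj=$2; signer=$3; ext=$4
    openssl req -new -newkey rsa:2048 -nodes -subj "$subj" \
        -keyout "$name.key" -out "$name.csr" 2>/dev/null
    if [ -z "$signer" ]; then
        openssl x509 -req -in "$name.csr" -signkey "$name.key" -days 2 \
            -extfile "$ext" -out "$name.pem" 2>/dev/null
    else
        openssl x509 -req -in "$name.csr" -CA "$signer.pem" -CAkey "$signer.key" \
            -CAcreateserial -days 2 -extfile "$ext" -out "$name.pem" 2>/dev/null
    fi
}

make_demo_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
    printf 'basicConstraints=CA:FALSE\n' > "$d/leaf.ext"
    issue "$d/root"  "/CN=Demo Root"         ""        "$d/ca.ext"
    issue "$d/other" "/CN=Other Root"        ""        "$d/ca.ext"
    issue "$d/int"   "/CN=Demo Intermediate" "$d/root" "$d/ca.ext"
    issue "$d/leaf"  "/CN=origin.example"    "$d/int"  "$d/leaf.ext"
}

# verify_leaf DIR ANCHORS [INTERMEDIATES]: succeeds only if DIR/leaf.pem chains to a
# certificate in ANCHORS. INTERMEDIATES may fill gaps in the chain but are never anchors.
verify_leaf() {
    if [ -n "$3" ]; then
        openssl verify -CAfile "$2" -untrusted "$3" "$1/leaf.pem" 2>/dev/null
    else
        openssl verify -CAfile "$2" "$1/leaf.pem" 2>/dev/null
    fi | grep -q ': OK$'
}

report() { if verify_leaf "$@"; then echo "accepted"; else echo "rejected"; fi; }

tmp=$(mktemp -d)
make_demo_pki "$tmp"
echo "server sent leaf only, root trusted:           $(report "$tmp" "$tmp/root.pem")"
echo "leaf + admin-supplied intermediate, root trusted: $(report "$tmp" "$tmp/root.pem" "$tmp/int.pem")"
echo "leaf + intermediate, issuing root NOT trusted: $(report "$tmp" "$tmp/other.pem" "$tmp/int.pem")"
rm -rf "$tmp"
```

The third case is the one the announcement calls out: holding the intermediate does not make the chain trusted when its root is absent from the trust store.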