]> git.ipfire.org Git - thirdparty/squid.git/commit
SSLv2 records force SslBump bumping despite a matching step2 peek rule.
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Fri, 27 Jan 2017 17:02:52 +0000 (06:02 +1300)
committerAmos Jeffries <squid3@treenet.co.nz>
Fri, 27 Jan 2017 17:02:52 +0000 (06:02 +1300)
commit8d7a7f3a7c06d1e0f64b1f9e68be0cbfe2a59874
tree1c085b01cde009562d91427cff92ab6a6dbbf219
parent9b18d6d7e727f9a7143a21a49bf4442b07ef049b
SSLv2 records force SslBump bumping despite a matching step2 peek rule.

If Squid receives a valid TLS Hello encapsulated into ancient SSLv2
records (observed on Solaris 10), the old code ignored the step2 peek
decision and bumped the transaction instead.
Now Squid peeks (or stares) at the origin server as configured, even
after detecting (and parsing) SSLv2 records.

This is a Measurement Factory project.
src/ssl/PeerConnector.cc
src/ssl/bio.cc