+++ /dev/null
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
-<HTML>
-<HEAD>
- <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.69">
- <TITLE>Squid 3.5.7 release notes</TITLE>
-</HEAD>
-<BODY>
-<H1>Squid 3.5.7 release notes</H1>
-
-<H2>Squid Developers</H2>
-<HR>
-<EM>This document contains the release notes for version 3.5 of Squid.
-Squid is a WWW Cache application developed by the National Laboratory
-for Applied Network Research and members of the Web Caching community.</EM>
-<HR>
-<P>
-<H2><A NAME="toc1">1.</A> <A HREF="#s1">Notice</A></H2>
-
-<UL>
-<LI><A NAME="toc1.1">1.1</A> <A HREF="#ss1.1">Known issues</A>
-<LI><A NAME="toc1.2">1.2</A> <A HREF="#ss1.2">Changes since earlier releases of Squid-3.5</A>
-<LI><A NAME="toc1.3">1.3</A> <A HREF="#ss1.3">Copyright disclaimer adjustments</A>
-</UL>
-<P>
-<H2><A NAME="toc2">2.</A> <A HREF="#s2">Major new features since Squid-3.4</A></H2>
-
-<UL>
-<LI><A NAME="toc2.1">2.1</A> <A HREF="#ss2.1">Support libecap v1.0</A>
-<LI><A NAME="toc2.2">2.2</A> <A HREF="#ss2.2">Authentication helper query extensions</A>
-<LI><A NAME="toc2.3">2.3</A> <A HREF="#ss2.3">Support named services</A>
-<LI><A NAME="toc2.4">2.4</A> <A HREF="#ss2.4">Upgraded squidclient tool</A>
-<LI><A NAME="toc2.5">2.5</A> <A HREF="#ss2.5">Helper support for concurrency channels</A>
-<LI><A NAME="toc2.6">2.6</A> <A HREF="#ss2.6">Native FTP Relay</A>
-<LI><A NAME="toc2.7">2.7</A> <A HREF="#ss2.7">Receive PROXY protocol, Versions 1 & 2</A>
-<LI><A NAME="toc2.8">2.8</A> <A HREF="#ss2.8">Basic authentication MSNT helper changes</A>
-</UL>
-<P>
-<H2><A NAME="toc3">3.</A> <A HREF="#s3">Changes to squid.conf since Squid-3.4</A></H2>
-
-<UL>
-<LI><A NAME="toc3.1">3.1</A> <A HREF="#ss3.1">New tags</A>
-<LI><A NAME="toc3.2">3.2</A> <A HREF="#ss3.2">Changes to existing tags</A>
-<LI><A NAME="toc3.3">3.3</A> <A HREF="#ss3.3">Removed tags</A>
-</UL>
-<P>
-<H2><A NAME="toc4">4.</A> <A HREF="#s4">Changes to ./configure options since Squid-3.4</A></H2>
-
-<UL>
-<LI><A NAME="toc4.1">4.1</A> <A HREF="#ss4.1">New options</A>
-<LI><A NAME="toc4.2">4.2</A> <A HREF="#ss4.2">Changes to existing options</A>
-<LI><A NAME="toc4.3">4.3</A> <A HREF="#ss4.3">Removed options</A>
-</UL>
-<P>
-<H2><A NAME="toc5">5.</A> <A HREF="#s5">Regressions since Squid-2.7</A></H2>
-
-<UL>
-<LI><A NAME="toc5.1">5.1</A> <A HREF="#ss5.1">Missing squid.conf options available in Squid-2.7</A>
-</UL>
-<P>
-<H2><A NAME="toc6">6.</A> <A HREF="#s6">Copyright</A></H2>
-
-
-<HR>
-<H2><A NAME="s1">1.</A> <A HREF="#toc1">Notice</A></H2>
-
-<P>The Squid Team are pleased to announce the release of Squid-3.5.7.</P>
-<P>This new release is available for download from
-<A HREF="http://www.squid-cache.org/Versions/v3/3.5/">http://www.squid-cache.org/Versions/v3/3.5/</A> or the
-<A HREF="http://www.squid-cache.org/Download/http-mirrors.html">mirrors</A>.</P>
-
-<P>Some interesting new features adding system flexibility have been added along with general improvements all around.
-While this release is not fully bug-free we believe it is ready for use in production on many systems.</P>
-
-<P>We welcome feedback and bug reports. If you find a bug, please see
-<A HREF="http://wiki.squid-cache.org/SquidFaq/BugReporting">http://wiki.squid-cache.org/SquidFaq/BugReporting</A>
-for how to submit a report with a stack trace.</P>
-
-<H2><A NAME="ss1.1">1.1</A> <A HREF="#toc1.1">Known issues</A>
-</H2>
-
-<P>Although this release is deemed good enough for use in many setups, please note the existence of
-<A HREF="http://bugs.squid-cache.org/buglist.cgi?query_format=advanced&product=Squid&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&version=3.5">open bugs against Squid-3.5</A>.</P>
-
-<H2><A NAME="ss1.2">1.2</A> <A HREF="#toc1.2">Changes since earlier releases of Squid-3.5</A>
-</H2>
-
-<P>The 3.5 change history can be
-<A HREF="http://www.squid-cache.org/Versions/v3/3.5/changesets/">viewed here</A>.</P>
-
-<H2><A NAME="ss1.3">1.3</A> <A HREF="#toc1.3">Copyright disclaimer adjustments</A>
-</H2>
-
-<P>Squid sources are now administered by the Squid Software Foundation on
-behalf of the Squid Project and community.</P>
-
-<P>This version of Squid contains initial changes to streamline copyright
-declarations in Squid sources and related metafiles. No functionality
-or licensing changes are intended.</P>
-
-<P>Once completed, the changes will consistently declare Squid contributors
-(listed in CONTRIBUTORS and represented by the Squid Software Foundation) as
-Squid copyright owners while referring the reader to the COPYING file for GPL
-licensing details. The boilerplate with the above information is provided.</P>
-
-<P>These changes do not affect copyright rights of individuals or organizations.
-We are simply confirming the fact that there are many Squid copyright owners,
-just like there are many Linux kernel copyright owners. We are also providing
-a simple, consistent way to document that fact.</P>
-
-
-<H2><A NAME="s2">2.</A> <A HREF="#toc2">Major new features since Squid-3.4</A></H2>
-
-<P>Squid 3.5 represents a new feature release above 3.4.</P>
-
-<P>The most important of these new features are:
-<UL>
-<LI>Support libecap v1.0</LI>
-<LI>Authentication helper query extensions</LI>
-<LI>Support named services</LI>
-<LI>Upgraded squidclient tool</LI>
-<LI>Helper support for concurrency channels</LI>
-<LI>Native FTP Relay</LI>
-<LI>Receive PROXY protocol, Versions 1 & 2</LI>
-<LI>Basic authentication MSNT helper changes</LI>
-</UL>
-</P>
-<P>Most user-facing changes are reflected in squid.conf (see below).</P>
-
-
-<H2><A NAME="ss2.1">2.1</A> <A HREF="#toc2.1">Support libecap v1.0</A>
-</H2>
-
-<P>Details at
-<A HREF="http://wiki.squid-cache.org/Features/eCAP">http://wiki.squid-cache.org/Features/eCAP</A>.</P>
-
-<P>The new libecap version allows Squid to better check the version of
-the eCAP adapter being loaded as well as the version of the eCAP library
-being used.</P>
-
-<P>Squid-3.5 can support eCAP adapters built with libecap v1.0,
-but no longer supports adapters built with earlier libecap versions
-due to API changes.</P>
-
-
-<H2><A NAME="ss2.2">2.2</A> <A HREF="#toc2.2">Authentication helper query extensions</A>
-</H2>
-
-<P>Details at
-<A HREF="http://www.squid-cache.org/Doc/config/auth_param/">http://www.squid-cache.org/Doc/config/auth_param/</A>.</P>
-
-<P>The new <EM>key_extras</EM> parameter allows sending of additional
-details to the authentication helper beyond the minimum required for
-the HTTP authentication. This is primarily intended to allow switching
-of authentication databases based on criteria such as client IP subnet,
-Squid receiving port, or in reverse-proxy the requested domain name.</P>
-
-<P>In theory any <EM>logformat</EM> code may be used, however only the
-codes which have available details at the time of authentication
-will send any meaningful detail.</P>
-
-
-<H2><A NAME="ss2.3">2.3</A> <A HREF="#toc2.3">Support named services</A>
-</H2>
-
-<P>Details at
-<A HREF="http://wiki.squid-cache.org/MultipleInstances">http://wiki.squid-cache.org/MultipleInstances</A>.</P>
-<P>Terminology details at
-<A HREF="http://wiki.squid-cache.org/Features/SmpScale#Terminology">http://wiki.squid-cache.org/Features/SmpScale#Terminology</A>.</P>
-
-<P>The command line option <EM>-n</EM> assigns a name to the Squid service
-instance to be used as a unique identifier for all SMP processes run as
-part of that instance. This allows multiple instances of Squid service to
-be run on a single machine without background SMP systems such as shared
-memory and inter-process communication becoming confused or requiring
-additional configuration.</P>
-
-<P>A service name is always used. When the <EM>-n</EM> option is missing
-from the command line the default service name is <EM>squid</EM>.</P>
-
-<P>When multiple instances are being run the <EM>-n</EM> service name is
-required to target all other options such as <EM>-z</EM> or <EM>-k</EM>
-commands at the correct service.</P>
-
-<P>The squid.conf macro ${service_name} is added to provide the service name
-of the process parsing the config.</P>
-
-
-<H2><A NAME="ss2.4">2.4</A> <A HREF="#toc2.4">Upgraded squidclient tool</A>
-</H2>
-
-<P>Details at
-<A HREF="http://www.squid-cache.org/Versions/v3/3.5/manuals/squidclient.html">http://www.squid-cache.org/Versions/v3/3.5/manuals/squidclient.html</A>.</P>
-
-<P>The <EM>squidclient</EM> has begun the process of upgrading to support
-protocols other than HTTP.</P>
-
-<H3>Debug levels</H3>
-
-<P>The tool displays the server response message on STDOUT unless the <EM>-q</EM>
-command line option is used. Error messages will be output to STDERR.
-All other possible output is considered debug and output to STDERR using
-a range of debug verbosity levels (currently 1, 2 and 3).</P>
-
-<P>When the <EM>-v</EM> command line option is used debugging is enabled.
-The level of debug display is raised for each repetition of the option.</P>
-
-<H3>PING</H3>
-
-<P>When <EM>--ping</EM> is given the tool will send its message repeatedly
-using whichever protocol that message has been formatted for.
-Optional parameters to limit the number of pings and their frequency are
-available.</P>
-
-<P>Older tool versions also provide this feature but require the loop count
-parameter to be set to enable use of the feature.</P>
-
-<H3>HTTPS</H3>
-
-<P>When Squid is built with the GnuTLS encryption library the tool is able
-to open TLS (or SSL/3.0) connections to servers.</P>
-
-<P>The <EM>--https</EM> option enables TLS using default values.</P>
-
-<P>The <EM>--cert</EM> option specifies a file containing X.509 client
-certificate and private key in PEM format to be loaded for use. Multiple
-certificates are supported and the option may be used multiple times to
-load certificates.
-The default is not to use a client certificate.</P>
-
-<P>The <EM>--params</EM> option specifies a library specific set of parameters
-to be sent to the library for configuring the security context.
-See
-<A HREF="http://gnutls.org/manual/html_node/Priority-Strings.html">http://gnutls.org/manual/html_node/Priority-Strings.html</A> for
-available GnuTLS parameters.</P>
-
-<P>The <EM>--trusted-ca</EM> option specifies a file in PEM format containing
-one or more Certificate Authority (CA) certificates used to verify the
-remote server. This option may be used multiple times to load additional
-CA certificate lists.
-The default is not to use any CA, nor trust any server.</P>
-
-<P>Anonymous TLS (using non-authenticated Diffi-Hellman or Elliptic Curve
-encryption) is available with the <EM>--anonymous-tls</EM> option.
-The default is to use X.509 certificate encryption instead.</P>
-
-<P>When performing TLS/SSL server certificates are always verified, the
-results shown at debug level 3. The encrypted type is displayed at debug
-level 2 and the connection is used to send and receive the messages
-regardless of verification results.</P>
-
-
-<H2><A NAME="ss2.5">2.5</A> <A HREF="#toc2.5">Helper support for concurrency channels</A>
-</H2>
-
-<P>Helper concurrency greatly reduces the communication lag between Squid
-and its helpers allowing faster transaction speeds even on sequential
-helpers.</P>
-
-<P>The Digest authentication, Store-ID, and URL-rewrite helpers packaged
-with Squid have been updated to support concurrency channels. They will
-auto-detect the <EM>channel-ID</EM> field and will produce the appropriate
-response format.
-With these helpers concurrency may now be set to 0 or any higher number as desired.</P>
-
-
-<H2><A NAME="ss2.6">2.6</A> <A HREF="#toc2.6">Native FTP Relay</A>
-</H2>
-
-<P>Details at
-<A HREF="http://wiki.squid-cache.org/Features/FtpRelay">http://wiki.squid-cache.org/Features/FtpRelay</A>.</P>
-
-<P>Squid is now capable of accepting native FTP commands and relaying native
-FTP messages between FTP clients and FTP servers. Native FTP commands
-accepted at ftp_port are internally converted or wrapped into HTTP-like
-messages. The same happens to Native FTP responses received from FTP origin
-servers. Those HTTP-like messages are shoveled through regular access
-control and adaptation layers between the FTP client and the FTP origin
-server. This allows Squid to examine, adapt, block, and log FTP exchanges.
-Squid reuses most HTTP mechanisms when shoveling wrapped FTP messages. For
-example, http_access and adaptation_access directives are used.</P>
-
-<P>FTP Relay is a new, experimental, complex feature that has seen limited
-production exposure. Some Squid modules (e.g., caching) do not currently
-work with native FTP proxying, and many features have not even been tested
-for compatibility. Test well before deploying!</P>
-
-<P>Native FTP proxying differs substantially from proxying HTTP requests with
-<EM>ftp://</EM> URIs because Squid works as an FTP server and receives
-actual FTP commands (rather than HTTP requests with FTP URLs).</P>
-
-<P>FTP Relay highlights:
-<UL>
-<LI>Added ftp_port directive telling Squid to relay native FTP commands.</LI>
-<LI>Active and passive FTP support on the user-facing side; require
-passive connections to come from the control connection source IP
-address.</LI>
-<LI>IPv6 support (EPSV and, on the user-facing side, EPRT).</LI>
-<LI>Intelligent adaptation of relayed FTP FEAT responses.</LI>
-<LI>Relaying of multi-line FTP control responses using various formats.</LI>
-<LI>Support relaying of FTP MLSD and MLST commands (RFC 3659).</LI>
-<LI>Several Microsoft FTP server compatibility features.</LI>
-<LI>ICAP/eCAP support (at individual FTP command/response level).</LI>
-<LI>Optional "current FTP directory" tracking with the assistance of
-injected (by Squid) PWD commands (cannot be 100% reliable due to
-symbolic links and such, but is helpful in some common use cases).</LI>
-<LI>No caching support -- no reliable Request URIs for that (see above).</LI>
-</UL>
-</P>
-
-<H2><A NAME="ss2.7">2.7</A> <A HREF="#toc2.7">Receive PROXY protocol, Versions 1 & 2</A>
-</H2>
-
-<P>More info at
-<A HREF="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt</A></P>
-
-<P>PROXY protocol provides a simple way for proxies and tunnels of any kind to
-relay the original client source details without having to alter or understand
-the protocol being relayed on the connection.</P>
-
-<P>Squid currently supports receiving HTTP traffic from a client proxy using this protocol.
-An http_port which has been configured to receive this protocol may only be used to
-receive traffic from client software sending in this protocol.
-HTTP traffic without the PROXY header is not accepted on such a port.</P>
-
-<P>The <EM>accel</EM> and <EM>intercept</EM> options are still used to identify the HTTP
-traffic syntax being delivered by the client proxy.</P>
-
-<P>Squid can be configured by adding an <EM>http_port</EM>
-with the <EM>require-proxy-header</EM> mode flag. The <EM>proxy_protocol_access</EM>
-must also be configured with <EM>src</EM> ACLs to whitelist proxies which are
-trusted to send correct client details.</P>
-
-<P>Forward-proxy traffic from a client proxy:
-<PRE>
- acl frontend src 192.0.2.1
- http_port 3128 require-proxy-header
- proxy_protocol_access allow frontend
-</PRE>
-</P>
-
-<P>Intercepted traffic from a client proxy or tunnel:
-<PRE>
- acl frontend src 192.0.2.2
- http_port 3128 intercept require-proxy-header
- proxy_protocol_access allow frontend
-</PRE>
-</P>
-
-<P>Reverse-proxy traffic from a frontend load balancer sending PROXY protocol:
-<PRE>
- acl frontend src 192.0.2.3
- http_port 3128 accel require-proxy-header
- proxy_protocol_access allow frontend
-</PRE>
-</P>
-
-<P><EM>Known Issue:</EM>
-Use of <EM>require-proxy-header</EM> on <EM>https_port</EM> and <EM>ftp_port</EM> is not supported.</P>
-
-
-<H2><A NAME="ss2.8">2.8</A> <A HREF="#toc2.8">Basic authentication MSNT helper changes</A>
-</H2>
-
-<P>The authentication helper previously known as <EM>basic_msnt_auth</EM> has
-been deprecated and renamed to <EM>basic_smb_lm_auth</EM> to reflect that
-it only performs SMB LanMan protocol(s) instead of modern MS authentication
-protocols.</P>
-
-<P>The <EM>basic_smb_lm_auth</EM> helper has been remodelled and no longer uses
-configuration files. The Doman Controller servers are now configured via
-command line parameters and user credentials are looked up in each DC in the
-order configured until one matches or all have confirmed a non-match.</P>
-
-<P>The <EM>MSNT-multi-domain</EM> helper provides the same functionality and
-is also deprecated. It will be removed in the Squid-3.6 series.</P>
-
-
-
-<H2><A NAME="s3">3.</A> <A HREF="#toc3">Changes to squid.conf since Squid-3.4</A></H2>
-
-<P>There have been changes to Squid's configuration file since Squid-3.4.</P>
-
-<P>Squid supports reading configuration option parameters from external
-files using the syntax <EM>parameters("/path/filename")</EM>. For example:
-<PRE>
- acl whitelist dstdomain parameters("/etc/squid/whitelist.txt")
-</PRE>
-</P>
-
-<P>The squid.conf macro <EM>${service_name}</EM> is added to provide the service name
-of the process parsing the config.</P>
-
-<P>There have also been changes to individual directives in the config file.</P>
-<P>This section gives a thorough account of those changes in three categories:</P>
-<P>
-<UL>
-<LI>
-<A HREF="#newtags">New tags</A></LI>
-<LI>
-<A HREF="#modifiedtags">Changes to existing tags</A></LI>
-<LI>
-<A HREF="#removedtags">Removed tags</A></LI>
-</UL>
-</P>
-
-
-<H2><A NAME="newtags"></A> <A NAME="ss3.1">3.1</A> <A HREF="#toc3.1">New tags</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>collapsed_forwarding</B><DD>
-<P>Ported from Squid-2 with no configuration or visible behaviour changes.
-Collapsing of requests is performed across SMP workers.</P>
-
-<DT><B>ftp_client_idle_timeout</B><DD>
-<P>New directive controlling how long to wait for an FTP request on a
-client connection to Squid <EM>ftp_port</EM>.</P>
-<P>Many FTP clients do not deal with idle connection closures well,
-necessitating a longer default timeout (30 minutes) than
-<EM>client_idle_pconn_timeout</EM> used for incoming HTTP requests (2
-minutes).</P>
-<P>The current default may be changed as we get more experience with FTP relaying.</P>
-
-<DT><B>ftp_port</B><DD>
-<P>New configuration directive to accept and relay native FTP
-commands. Typically used for port 21 traffic. By default, native
-FTP commands are not accepted.</P>
-
-<DT><B>proxy_protocol_access</B><DD>
-<P>New directive to control which clients are permitted to open PROXY
-protocol connections on a port flagged with <EM>require-proxy-header</EM>.</P>
-
-<DT><B>send_hit</B><DD>
-<P>New configuration directive to enable/disable sending cached content
-based on ACL selection. ACL can be based on client request or cached
-response details.</P>
-
-<DT><B>sslproxy_cert_sign_hash</B><DD>
-<P>New directive to set the hashing algorithm to use when signing generated certificates.</P>
-
-<DT><B>sslproxy_session_cache_size</B><DD>
-<P>New directive which sets the cache size to use for TLS/SSL sessions cache.</P>
-
-<DT><B>sslproxy_session_ttl</B><DD>
-<P>New directive to specify the time in seconds the TLS/SSL session is valid.</P>
-
-<DT><B>store_id_extras</B><DD>
-<P>New directive to send additional lookup parameters to the configured
-Store-ID helper program. It takes a string which may contain logformat %macros.</P>
-<P>The Store-ID helper input format is now:
-<PRE>
- [channel-ID] url [extras]
-
-</PRE>
-</P>
-<P>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"</P>
-
-<DT><B>store_miss</B><DD>
-<P>New configuration directive to enable/disable caching of MISS responses.
-ACL can be based on any request or response details.</P>
-
-<DT><B>url_rewrite_extras</B><DD>
-<P>New directive to send additional lookup parameters to the configured
-URL-rewriter/redirector helper program. It takes a string which may
-contain logformat %macros.</P>
-<P>The url rewrite and redirector helper input format is now:
-<PRE>
- [channel-ID] url [extras]
-
-</PRE>
-</P>
-<P>The default value for extras is: "%>a/%>A %un %>rm myip=%la myport=%lp"</P>
-
-</DL>
-</P>
-
-<H2><A NAME="modifiedtags"></A> <A NAME="ss3.2">3.2</A> <A HREF="#toc3.2">Changes to existing tags</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>acl</B><DD>
-<P>Deprecated type <EM>tag</EM>. Use type <EM>note</EM> with 'tag' key
-name instead.</P>
-<P>New type <EM>adaptation_service</EM> to match the name of any
-icap_service, ecap_service, adaptation_service_set, or
-adaptation_service_chain that Squid has used (or attempted to use)
-for the HTTP transaction so far.</P>
-<P>New type <EM>at_step</EM> to match the current SSL-Bump processing step.
-Never matches and should not be used outside of <EM>ssl_bump</EM>.</P>
-<P>New types <EM>ssl::server_name</EM> and <EM>ssl::server_name_regex</EM>
-to match server name from various sources (CONNECT authority name,
-TLS SNI domain, or X.509 certificate Subject Name).</P>
-
-<DT><B>auth_param</B><DD>
-<P>New parameter <EM>key_extras</EM> to send additional parameters to
-the authentication helper.</P>
-
-<DT><B>cache_dir</B><DD>
-<P>New support for larger than 32KB objects in both <EM>rock</EM> type
-cache and shared memory cache.</P>
-<P>New <EM>slot-size=N</EM> option for rock cache to specify the database
-slot/page size when small slot sizes are desired. The default and
-maximum slot size is 32KB.</P>
-<P>Removal of old rock cache dir followed by <EM>squid -z</EM> is required
-when upgrading from earlier versions of Squid.</P>
-<P><EM>COSS</EM> storage type is formally replaced by Rock storage type.
-COSS storage type and all COSS specific options are removed.</P>
-
-<DT><B>cache_peer</B><DD>
-<P>New <EM>standby=N</EM> option to retain a set of N open and unused
-connections to the peer at virtually all times to reduce TCP handshake
-delays.</P>
-<P>These connections differ from HTTP persistent connections in that they
-have not been used for HTTP messaging (and may never be). They may be
-turned into persistent connections after their first use subject to the
-same keep-alive critera any HTTP connection is checked for.</P>
-<P>Squid-2 option <EM>idle=</EM> replaced by <EM>standby=</EM>.</P>
-<P>NOTE that standby connections are started earlier and available in
-more circumstances than squid-2 idle connections were. They are
-also spread over all IPs of the peer.</P>
-
-<DT><B>configuration_includes_quoted_values</B><DD>
-<P>Regex pattern values cannot be parsed in parts of squid.conf when this
-directive is configured to <EM>ON</EM>. Instead of quoted strings Squid
-now accepts regex \-escaped characters (including escaped spaces) in all
-regex patterns.</P>
-
-<DT><B>external_acl_type</B><DD>
-<P>New format code <EM>%ssl::>sni</EM> to send SSL client SNI.</P>
-<P>New format code <EM>%ssl::<cert_subject</EM> to send SSL server certificate DN.</P>
-<P>New format code <EM>%ssl::<cert_issuer</EM> to send SSL server certificate issuer DN.</P>
-<P>New format code <EM>%un</EM> to send any available user name (requires 3.5.7 or later).</P>
-<P>New response kv-pair <EM>clt_conn_tag=</EM> to associates a given tag with the client TCP connection.</P>
-
-<DT><B>forward_max_tries</B><DD>
-<P>Default value increased to <EM>25 destinations</EM> to allow better
-contact and IPv4 failover with domains using long lists of IPv6
-addresses.</P>
-
-<DT><B>ftp_epsv</B><DD>
-<P>Converted into an Access List with allow/deny value driven by ACLs
-using Squid standard first line wins matching basis.</P>
-<P>The old values of <EM>on</EM> and <EM>off</EM> imply <EM>allow all</EM>
-and <EM>deny all</EM> respectively and are now deprecated.
-Do not combine use of on/off values with ACL configuration.</P>
-
-<DT><B>http_port</B><DD>
-<P><EM>protocol=</EM> option altered to accept protocol version details.
-Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1</P>
-<P>New option <EM>require-proxy-header</EM> to mark ports receiving PROXY
-protocol version 1 or 2 traffic.</P>
-
-<DT><B>https_port</B><DD>
-<P><EM>protocol=</EM> option altered to accept protocol version details.
-Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1</P>
-
-<DT><B>logformat</B><DD>
-<P>New format code <EM>%credentials</EM> to log the client credentials token.</P>
-<P>New format code <EM>%ssl::>sni</EM> to TLS client SNI sent to Squid.</P>
-<P>New format code <EM>%tS</EM> to log transaction start time in
-"seconds.milliseconds" format, similar to the existing access.log
-"current time" field (%ts.%03tu) which logs the corresponding
-transaction finish time.</P>
-<P>New format codes <EM>%<rs</EM> and <EM>%>rs</EM> to log request URL
-scheme from client or sent to server/peer respectively.</P>
-<P>New format codes <EM>%<rd</EM> and <EM>%>rd</EM> to log request URL
-domain from client or sent to server/peer respectively.</P>
-<P>New format codes <EM>%<rP</EM> and <EM>%>rP</EM> to log request URL
-port from client or sent to server/peer respectively.</P>
-
-<DT><B>ssl_bump</B><DD>
-<P>Bumping 'modes' redesigned as 'actions' and ACLs evaluated repeatedly in a number of steps.</P>
-<P>Renamed <EM>server-first</EM> as <EM>bump</EM> action.</P>
-<P>Renamed <EM>none</EM> as <EM>splice</EM> action.</P>
-<P>New actions <EM>peek</EM> and <EM>stare</EM> to receive client or server
-certificate while preserving the ability to later decide between bumping
-or splicing the connections later.</P>
-<P>New action <EM>terminate</EM> to close the client and server connections.</P>
-
-<DT><B>url_rewrite_program</B><DD>
-<P>New response kv-pair <EM>clt_conn_tag=</EM> to associates a given tag with the client TCP connection.</P>
-
-</DL>
-</P>
-
-<H2><A NAME="removedtags"></A> <A NAME="ss3.3">3.3</A> <A HREF="#toc3.3">Removed tags</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>cache_dns_program</B><DD>
-<P>DNS external helper interface has been removed. It was no longer
-able to provide high performance service and the internal DNS
-client library with multicast DNS cover all modern use-cases.</P>
-
-<DT><B>dns_children</B><DD>
-<P>DNS external helper interface has been removed.</P>
-
-<DT><B>hierarchy_stoplist</B><DD>
-<P>Removed. The old directive values prohibiting CGI and dynamic content
-going to cache_peer are no longer relevant.</P>
-<P>The functionality provided by this directive can be configured
-using <EM>always_direct allow</EM> if still needed.</P>
-
-</DL>
-</P>
-
-
-<H2><A NAME="s4">4.</A> <A HREF="#toc4">Changes to ./configure options since Squid-3.4</A></H2>
-
-<P>There have been some changes to Squid's build configuration since Squid-3.4.</P>
-<P>This section gives an account of those changes in three categories:</P>
-<P>
-<UL>
-<LI>
-<A HREF="#newoptions">New options</A></LI>
-<LI>
-<A HREF="#modifiedoptions">Changes to existing options</A></LI>
-<LI>
-<A HREF="#removedoptions">Removed options</A></LI>
-</UL>
-</P>
-
-
-<H2><A NAME="newoptions"></A> <A NAME="ss4.1">4.1</A> <A HREF="#toc4.1">New options</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>BUILDCXX=</B><DD>
-<P>Used when cross-compiling Squid.</P>
-<P>The path and name of a compiler for building cf_gen and related
-tools used in the compile process.</P>
-
-<DT><B>BUILDCXXFLAGS=</B><DD>
-<P>Used when cross-compiling Squid.</P>
-<P>C++ compiler flags used for building cf_gen and related
-tools used in the compile process.</P>
-
-<DT><B>--without-gnutls</B><DD>
-<P>New option to explicitly disable use of GnuTLS encryption library.
-Use of this library is auto-enabled if v3.1.5 or later is available.</P>
-<P>It is currently only used by the squidclient tool.</P>
-
-<DT><B>--without-mit-krb5</B><DD>
-<P>New option to explicitly disable use of MIT Kerberos library.
-Default is to auto-detect and use if possible.</P>
-<P>Only one Kerberos library may be built against.</P>
-
-<DT><B>--without-heimdal-krb5</B><DD>
-<P>New option to explicitly disable use of Hiemdal Kerberos library.
-Default is to auto-detect and use if possible.</P>
-<P>Only one Kerberos library may be built against.</P>
-
-<DT><B>--without-gnugss</B><DD>
-<P>New option to explicitly disable use of GNU GSSAPI library for Kerberos.
-Default is to auto-detect and use if possible.</P>
-<P>Only one Kerberos library may be built against.</P>
-
-</DL>
-</P>
-
-<H2><A NAME="modifiedoptions"></A> <A NAME="ss4.2">4.2</A> <A HREF="#toc4.2">Changes to existing options</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>--enable-icap-client</B><DD>
-<P>Deprecated. ICAP client is now auto-enabled.
-Use --disable-icap-client to disable if you need to.</P>
-
-</DL>
-</P>
-<H2><A NAME="removedoptions"></A> <A NAME="ss4.3">4.3</A> <A HREF="#toc4.3">Removed options</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>--disable-internal-dns</B><DD>
-<P>DNS external helper interface has been removed. It was no longer
-able to provide high performance service and the internal DNS
-client library with multicast DNS cover all modern use-cases.</P>
-
-<DT><B>--enable-ssl</B><DD>
-<P>Removed. Use <EM>--with-openssl</EM> to enable OpenSSL library support.</P>
-
-<DT><B>--with-coss-membuf-size</B><DD>
-<P>The COSS cache type has been removed.
-It has been replaced by <EM>rock</EM> cache type.</P>
-
-<DT><B>--with-krb5-config</B><DD>
-<P>Removed. The Kerberos library is auto-detected now.</P>
-<P>Use <EM>--with/--without-mit-krb5</EM>, <EM>--with/--without-heimdal-krb5</EM>, or
-<EM>--with/--without-gnugss</EM> options for specific library selection if necesary.</P>
-
-</DL>
-</P>
-
-
-<H2><A NAME="s5">5.</A> <A HREF="#toc5">Regressions since Squid-2.7</A></H2>
-
-<P>Some squid.conf options which were available in Squid-2.7 are not yet available in Squid-3.5</P>
-
-<P>If you need something to do then porting one of these from Squid-2 to Squid-3 is most welcome.</P>
-
-<H2><A NAME="ss5.1">5.1</A> <A HREF="#toc5.1">Missing squid.conf options available in Squid-2.7</A>
-</H2>
-
-<P>
-<DL>
-<DT><B>broken_vary_encoding</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>cache_peer</B><DD>
-<P><EM>monitorinterval=</EM> not yet ported from 2.6</P>
-<P><EM>monitorsize=</EM> not yet ported from 2.6</P>
-<P><EM>monitortimeout=</EM> not yet ported from 2.6</P>
-<P><EM>monitorurl=</EM> not yet ported from 2.6</P>
-
-<DT><B>cache_vary</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>error_map</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>external_refresh_check</B><DD>
-<P>Not yet ported from 2.7</P>
-
-<DT><B>location_rewrite_access</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>location_rewrite_children</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>location_rewrite_concurrency</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>location_rewrite_program</B><DD>
-<P>Not yet ported from 2.6</P>
-
-<DT><B>refresh_pattern</B><DD>
-<P><EM>stale-while-revalidate=</EM> not yet ported from 2.7</P>
-<P><EM>ignore-stale-while-revalidate=</EM> not yet ported from 2.7</P>
-<P><EM>negative-ttl=</EM> not yet ported from 2.7</P>
-
-<DT><B>refresh_stale_hit</B><DD>
-<P>Not yet ported from 2.7</P>
-
-<DT><B>update_headers</B><DD>
-<P>Not yet ported from 2.7</P>
-
-</DL>
-</P>
-
-<H2><A NAME="s6">6.</A> <A HREF="#toc6">Copyright</A></H2>
-
-<P>Copyright (C) 1996-2015 The Squid Software Foundation and contributors</P>
-<P>Squid software is distributed under GPLv2+ license and includes
-contributions from numerous individuals and organizations.
-Please see the COPYING and CONTRIBUTORS files for details.</P>
-
-</BODY>
-</HTML>
projects / thirdparty / squid.git / commitdiff
