Please Enable SSL Gatewaying Support

Bug #1294810 reported by Kevin Shenk
This bug report is a duplicate of: Bug #16669: Squid: Compile with --enable-ssl.
This bug affects 3 people
Affects          Status   Importance  Assigned to  Milestone
squid3 (Ubuntu)  Triaged  Wishlist    Unassigned

Bug Description

Many schools and businesses are using Squid as a content filter for their internal networks.

The current squid package distributed by Ubuntu works great for this, except that SSL gatewaying support is not enabled, creating a filtering vulnerability: wherever possible, users can easily switch from the HTTP to the HTTPS protocol to bypass content filtering.

The workaround is to add two switches at compile time:
       --enable-ssl
       --enable-ssl-crtd

As this seems to simply enable a feature, is there any reason not to enable these?

SOURCE: https://github.com/ra-at-diladele-com/qlproxy_external/wiki/Filtering-HTTPS

Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

We're well past feature freeze for Trusty now, so this change is unlikely to be able to be made for Trusty.

We inherit the configure switches from Debian, so it would be worth checking to see if this issue affects Debian too, and if it does then to report this to Debian BTS to see if the Debian maintainers are willing to enable these switches. If this happens, then Ubuntu will be able to pick up this change next cycle.

Note that if this is OpenSSL, then there may need to be a license exception made by upstream to link against squid (which is GPL), since these licenses are not compatible without one, and I don't see any such exception. This may need further investigation to find out if it is possible.

Changed in squid3 (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
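
An administrator can confirm whether an installed Squid build carries the two switches named in this report by reading the "configure options:" line that `squid3 -v` prints. The following is an added example, not part of the original report or of the squid3 package; the function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): list which of the two switches
# requested above are absent from a Squid build.
# Live usage (assumes the binary is named squid3):
#     squid3 -v | missing_ssl_switches

# Reads `squid3 -v` text on stdin and prints each required switch that is
# missing from the "configure options:" line; prints nothing if both are set.
# The body runs in a subshell so `set -f` does not leak to the caller.
missing_ssl_switches() (
    set -f  # no filename expansion while word-splitting the option list
    opts=$(sed -n 's/^configure options:[[:space:]]*//p' | tr -d "'\"")
    for want in --enable-ssl --enable-ssl-crtd; do
        found=no
        for opt in $opts; do
            # Exact comparison: --enable-ssl-crtd must not count as --enable-ssl
            [ "$opt" = "$want" ] && found=yes
        done
        [ "$found" = yes ] || printf '%s\n' "$want"
    done
)

# Constructed sample: a build without SSL gatewaying.
SAMPLE_STOCK="Squid Cache: Version 3.x.y
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--enable-esi' '--enable-icmp' 'CFLAGS=-g -O2'"

# Constructed sample: a local rebuild with both switches added.
SAMPLE_REBUILT="Squid Cache: Version 3.x.y
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd'"

# Constructed sample: only the certificate helper switch was added.
SAMPLE_PARTIAL="Squid Cache: Version 3.x.y
configure options:  '--prefix=/usr' '--enable-ssl-crtd'"

for name in STOCK REBUILT PARTIAL; do
    eval "text=\$SAMPLE_$name"
    missing=$(printf '%s\n' "$text" | missing_ssl_switches | tr '\n' ' ')
    printf '%s: missing switches: %s\n' "$name" "${missing:-none}"
done
```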