On Wed, Nov 18, 2009 at 10:25 PM, The Psycho Chicken <psychochicken@xxxxxxxxxxxxxxxxxxxx> wrote: > Hi, > > Has anyone looked at the impact of the recent TLS/SSL vulnerability > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555) on Squid? If > you're using Squid as a HTTPS reverse proxy then it has SSL exposed to the > Internet. > > I haven't noticed anything in the mailing lists. Squid is as vulnerable as any other product based on SSL. Unfortunately there's not much we developers can do. The burden falls on the (open)ssl library implementors, and all we can do is wait. Some OS vendors have already started shipping an updated ssl library which somehow plugs the hole. After that (dynamic) library has been installed on the host OS, Squid (after a restart at most) is immediately protected from the flaw. -- /kinkie