squid sslbump server-first local loops?


Hello,

I accidentally came across this. I was trying to test what TLS version my squid reports.

So I ran this command:
openssl s_client -connect 192.168.1.2:8081

where 8081 is https_port on which squid runs. (with sslbump)

And BOOM, squid went into an infinite loop! And started running out of file descriptors.

It continued the loop even after I ctrl-c'ed the openssl.

I suppose this happens due to server-first in sslbump, where squid keeps trying to connect to self in an infinite loop.

Port 8081 is NOT listed in Safe_ports. So shouldn't squid be blocking it before trying server-first?

Or shouldn't squid check something like this?

If (destIP == selfIP and destPort == selfPort) then break?

I am also not sure if this can be used to DoS. So just reporting,

Amm.
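
The self-connection check proposed in the message above, written out as an added example (not part of the original post and not Squid's code). A single IP and port comparison misses wildcard listeners, loopback addresses and IPv4-mapped IPv6 forms, so this version handles those; `LISTENERS`, `LOCAL_IPS` and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not from the original message):
# the proxy listens on the wildcard address, and the host owns 192.168.1.2.
LISTENERS = [("0.0.0.0", 8081)]
LOCAL_IPS = ["192.168.1.2"]


def _norm(ip):
    """Parse an address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    addr = ipaddress.ip_address(ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def is_self_connect(dest_ip, dest_port, listeners=LISTENERS, local_ips=LOCAL_IPS):
    """Return True if connecting to (dest_ip, dest_port) would reach one of
    the proxy's own listening sockets, i.e. forwarding there would loop."""
    dest = _norm(dest_ip)
    local = {_norm(ip) for ip in local_ips}
    for bind_ip, port in listeners:
        if port != dest_port:
            continue
        bind = _norm(bind_ip)
        if bind.is_unspecified:
            # Wildcard bind: reachable via loopback and every local address.
            # Assumption: "::" is dual-stack (also accepts IPv4); "0.0.0.0" is IPv4 only.
            family_ok = bind.version == 6 or dest.version == 4
            if family_ok and (dest.is_loopback or dest in local):
                return True
        elif bind == dest:
            return True
    return False


if __name__ == "__main__":
    for ip, port in [("192.168.1.2", 8081), ("127.0.0.1", 8081),
                     ("::ffff:192.168.1.2", 8081), ("192.168.1.2", 443)]:
        print(ip, port, "loop" if is_self_connect(ip, port) else "forward")
```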



