On 16/02/2016 3:12 p.m., Jason Haar wrote: > On Tue, Feb 16, 2016 at 2:48 AM, Amos Jeffries wrote: > >> Thanks for the reminder. I dont recall seeing a bug report being made. >> Though Jason has sent me a more detailed cache.log trace to work with. >> > > > Yeah - I actually got half-way through putting in a bug report twice - but > ditched it for this and that reason. There's also evidence that this > affects http as well as https. When I was digging through the 2G cache.log > file for the SSL intercept related forgery samples, I found some http > related ones too. I wonder if this is generic to all intercept traffic > instead of https specific? > Ah. If it is the same thing, then it probably is bug 3940. The patch in there seems to work as a temporary fix, I am just holding off applying until we can audit to ensure the flags are used correcty everywhere else as well. PS. that audit was supposed to start yesterday, but got stuck with a vulnerability issue this week. Looks like it will begin later today. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users