On 29/10/18 9:20 AM, Jason Haar wrote: > Hi there > > I'm running a vulnerable version of squid (ie "--with-openssl" and > "--enable-ssl") but due to issues with bumping not working well, don't > actually do it (ie sslcrtd_program and ssl_bump not defined/etc). > > So does that mean we can't actually be affected by this vulnerability? The problem is in the error page generated. So while it is most visible with bump'ed traffic it also can occur whenever Squid is the agent performing the TLS handshake with a server. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users