Re: NTLM passthrough broken in 3.1.3 and higher

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 29 Jan 2011 14:43:05 +1300

On 29/01/11 11:17, Phil Oester wrote:
> On Tue, Jan 25, 2011 at 09:53:59PM +0000, Amos Jeffries wrote:
>> On Tue, 25 Jan 2011 13:26:02 -0800, Phil Oester wrote:
>>> In revision 9957 (Remove HTTP/1.1 sent to clients), NTLM passthrough
>>> was broken for Outlook clients, which require 1.1 to work properly.
>>> When receiving 1.0, Outlook closes the connection (which breaks NTLM
>>> since it requires a continued session). Version 3.1.2 works fine
>>> for these clients. Note this is likely the cause of bug 3141.
>>
>> The "http11" option has never been part of squid-3. It was an experiment
>> in 2.7 to see if sending 1.1 was possible yet. It looked successful so we
>> made it live in 3.1. But had to cut it out again quickly as you noticed. It
>> turns out the common browser software all wants to actually use HTTP/1.1
>> performance features which 3.1 does not support.
>>
>> Feel free to undo the removal patch for your Squid-3.1 if you find those
>> problems not to be relevant on your network. Or to use 3.2.
>
> Yes, we have worked around the two 1.1 deficiencies by:
>
> 1) Block chunked encoding:
>
> request_header_access Accept-Encoding deny all
>
> 2) ignore_expect_100 on
>
> And reenabled http 1.1 to clients in 3.1.10.
>
> BTW - any idea/roadmap for when 3.2.x series will be deemed stable?

I have hopes for around March sometime. It depends on a few
architectural fixes and some bugs.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.10
   Beta testers wanted for 3.2.0.4
Received on Sat Jan 29 2011 - 01:43:18 MST

This archive was generated by hypermail 2.2.0 : Sat Jan 29 2011 - 12:00:06 MST