Version 18.104.22.168 of CacheFlow appliance software includes support for WebSocket protocol tunneling.
New Features in this release:
This release introduces policy to support upgrade requests to the WebSocket protocol.
A WebSocket protocol upgrade request is an optional HTTP request header (upgrade=) with websocket as the only possible value. When issued by the client, this header seeks to upgrade the protocol from HTTP to WebSocket. Without this feature, WebSocket protocol upgrade requests result in a 400 Bad Request error when processed through a CacheFlow appliance. Once a WebSocket protocol upgrade request is fulfilled, the connection between the client and server is tunneled.
All content filtering, authentication and other policy activities can only affect the request before the protocol upgrade takes place. WebSocket tunneling support is enabled by default in this release.
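The pre-upgrade decision point described above, as an added example (not Blue Coat code and not CacheFlow policy syntax): a Python check that recognises a WebSocket upgrade request per RFC 6455 and applies a host and origin allowlist before the connection becomes a tunnel. The allowlists, function names and sample request are assumptions made for illustration.

```python
# Added example: pre-upgrade policy check on a WebSocket handshake (RFC 6455).
ALLOWED_HOSTS = {"chat.example.com"}           # hypothetical policy allowlist
ALLOWED_ORIGINS = {"https://app.example.com"}  # hypothetical policy allowlist

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request head into (method, target, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        # Repeated headers are folded into one comma-separated value.
        headers[key] = f"{headers[key]}, {value.strip()}" if key in headers else value.strip()
    return method, target, headers

def tokens(value: str):
    """Lower-cased comma-separated tokens of a header value."""
    return {t.strip().lower() for t in value.split(",") if t.strip()}

def is_websocket_upgrade(method, headers) -> bool:
    """True when the request asks to switch from HTTP to WebSocket."""
    return (
        method == "GET"
        and "websocket" in tokens(headers.get("upgrade", ""))
        and "upgrade" in tokens(headers.get("connection", ""))
        and "sec-websocket-key" in headers
    )

def pre_upgrade_decision(raw: bytes) -> str:
    """Return 'http', 'tunnel' or 'deny'; the last point where policy sees the connection."""
    method, _target, headers = parse_request(raw)
    if not is_websocket_upgrade(method, headers):
        return "http"    # ordinary request: normal per-request policy applies
    host = headers.get("host", "").lower()      # exact match; a port suffix is not stripped
    origin = headers.get("origin", "").lower()
    if host in ALLOWED_HOSTS and origin in ALLOWED_ORIGINS:
        return "tunnel"  # everything after the 101 response is opaque to policy
    return "deny"

# Constructed sample handshake (the key is the RFC 6455 example value).
SAMPLE = (b"GET /socket HTTP/1.1\r\nHost: chat.example.com\r\n"
          b"Upgrade: websocket\r\nConnection: keep-alive, Upgrade\r\n"
          b"Origin: https://app.example.com\r\n"
          b"Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
          b"Sec-WebSocket-Version: 13\r\n\r\n")
```

Because the tunnel is not inspected once it is established, any restriction on which sites may use WebSocket has to be expressed against fields of this one request.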
Issues resolved with this release:
Fixed a slow memory leak that occurs when the client-side connection is closed while the server-side connection is being established, after the CacheFlow appliance has been running for several days (SR 4-000004605, SR 4-112324540, SR 5-060558977, SR 5-063071993, B#220944).
Fixed a restart caused by linear memory fragmentation (SR 5-062971265, B#222434).
Fixed a restart caused by a 32-bit variable overrun after 49 days and 17 hours of uptime (SR 5-070774619, SR 5-071376804, SR 5-072983539, B#222437).
Fixed a restart in IPv6 Neighbour Discovery caused by missing thread protection (B#220512, B#220945).
Some licensing-related syslog messages related to download attempts no longer use incorrect error codes (B#222466).
Fixed CVE-2015-1790 PKCS7 crash with missing EnvelopedContent (B#220985).
Fixed CVE-2015-1792 CMS verify infinite loop with unknown hash function (B#220988).
SSL/TLS and PKI: Fixed CVE-2015-1789 Exploitable out-of-bounds read in X509_cmp_time. For more information, see SA98.
SSL/TLS and PKI: Fixed CVE-2015-000 (Logjam) Limit accepted Diffie-Hellman group size. For more information, see SA98.
Any existing CacheFlow customers who require WebSocket support, or who have experienced issues that have been resolved with this release.
The CacheFlow 3.x WebGuide has been updated to support this release. It is available here: https://bto.bluecoat.com/webguides/cacheflow/3x/3_4/webguide/index.htm
The following issues are known to be present in CacheFlow appliance software version 22.214.171.124:
While proxying traffic under moderate resource load, the appliance may bypass/drop some traffic due to overload (according to the configured overload handling option, and corresponding entries appear in the event log indicating the number of bypassed/dropped connections). Running additional disk-intensive activities such as writing access logs or performing content-filter updates seems to exacerbate this behaviour. If the amount of bypassed/dropped traffic becomes unacceptable, it is recommended to either disable access logging, restrict content filter update times, reduce the traffic load to the appliance, or some combination of these actions (B#182986).
Connecting the CacheFlow to a 100Mbit switch in half-duplex mode is not supported (B#144719).
Some browsers, including Firefox version 10.0.2, may report an error when attempting to install complex policy with a large number of rules. If you encounter this issue, try an alternative browser (B#174478).
Imported Document ID: 000027608