All logging formats have been removed from the core and records.config, and are now exclusively enabled and managed via logs_xml.config. The default file will create the binary squid blog as before, but if you have made changes to your records.config prior to upgrading, you must apply those changes to the appropriate configurations in the XML configuration.
SSL host verification
As of TS-3608, ATS will now correctly verify that the host header and certificate SN matches properly. This can cause problems, if your setup is such that you have a mismatch, and just didn't notice it before. If that is the case, you can either fix the certificate, or possible tweak the proxy.config.url_remap.pristine_host_hdr configuration.
The cache format in this release is compatible with previous 4.x and 5.x releases.
New configuration defaults (changes since 5.3.0)
- Changed proxy.config.diags.show_location from the default value of 0 to 1. This will add information to the debug logs for what file, line, and function is logging the debug message.
- Changed proxy.config.ssl.server.cipher_suite and removed RC4.
- Changed proxy.config.net.max_connections_in from 0 to 30000 and added proxy.config.net.max_connections_active_in with a default value of 10000 to records.config. These configuration option will limit the number of incoming connections and the number of incoming active connections, concurrently handling requests.
- Changed proxy.config.http.redirect_host_no_port from 0 to 1.
- Changed proxy.config.admin.api.restricted from 1 to 0.
- Changed proxy.config.http.connect_attempts_max_retries from 6 to 3.
- Changed proxy.config.http.connect_attempts_max_retries_dead_server from 3 to 1.
- Changed proxy.config.http.down_server.cache_time from 300 to 60.
- Changed proxy.config.net.sock_option_flag_in from 0 to 5.
- Changed proxy.config.hostdb.lookup_timeout from 120 to 30.
- Changed proxy.config.hostdb.host_file.path from /etc/hosts to NULL.
- Changed proxy.config.ssl.number.threads from 0 to -1, disable having separate threads for SSL/TLS, now non-TLS and TLS connections share the same thread pool.