LiveZilla Live Help

You are here

SafeSquid for Windows SWG.2015.0509.1500.2 Released

Feature modifications & Enhancements

  1. SafeSquid Windows SWG now supports SSL context caching to improve the performance of SSL inspection.
    SSL context caching is a performance optimizer that allows a client / server pair to re-use previously generated crypto context, so that they don't have to compute new crypto context every time a connection gets established.
    SafeSquid caches the SSL context into the memory to reuse by other SSL client/server pair.
     
  2. SafeSquid for Windows SWG now provides SSL session resumption to improve the performance of SSL inspection.
    In HTTPS two extra round trips of the standard TCP handshake is required for successful communication between client and server. In this release SSL session resumption mechanism is introduced to overcome this drawback.
    Session resumption is performance enhancer that allows a client / server pair to re-use previously generated crypto session, so that they don't have to compute new crypto keys every time when a connection gets established.
    Addition of this mechanism ensures better performance of SSL inspection.
     
  3. Implemented facility to update LDAP database in real time. After modification in LDAP configuration no need to restart SafeSquid.
     
  4. Implemented LDAP page control search.
    This feature allows you to fetch all entries of LDAP directory tree structure. This can be accomplished using single policy in LDAP configuration.
     
  5. Improved outbound connections closure mechanism to avoid delay in outbound connections re-usability.
    All the idle unused outbound connections are added to pool. A dedicated thread will remove the connections from pool one by one.
    There was slight delay of outbound connections re-usability due to prior accumulation of LOCK.
    In this release better resolution is applied to overcome the delay.
     
  6. Integrated display of number of concurrent connections, named users and concurrent users on Statistics page.
    Modified statistics page to display the number of concurrent connections, named users and concurrent users at real time.
     
  7. Added display of all the active users list along with concurrent connections opened by individual user on Active Connections page.
    Active Connections page will now display all the active users list along with number of concurrent connections opened by those users.
     
  8. Added field named "SSL Cache Store Size" in SSL inspection section to improve the performance of SSL inspection.
    Added new field into SSL inspection section named "SSL Cache Store Size". SafeSquid caches SSL sessions and contexts to improve the performance of SSL inspection.
    Previously default value was been used to set maximum store size which causes SafeSquid to accumulate large memory.
    Now this value can be adjusted according to server's RAM size. Due to this memory consumption performance will be improved.

    Note: Set "SSL Cache Store Size" value to 500 if server's RAM size is less than 8GB, else increase the
            value proportional to RAM of your system. Every time "SSL Cache Store Size" value is modified
            SafeSquid needs a restart to set the store sizes.
     
  9. Modified updation procedure for Virus signatures and Website classification database.
    In former releases of SafeSquid SWG, Virus signatures and Website classification database were updated after every one hour. Support team reported the problem with this process.
    As per the procedure Virus signatures and Website classification database updates should be downloaded only when, SafeSquid subscription update process is succeeded.
    From this release updates will be downloaded upon successful update of subscription information.
     
  10. Added "Refresh Details" button on About page to instantly updating the subscription information.
    Improved outbound connections re-usability mechanism.
     
  11. Improved outbound connections re-usability mechanism.
    Changes have been done in the current release to improve adding / retrieving the outbound connections to / from pool.
    This ensures better working of outbound connections re-usability mechanism.
     
  12. Improved handling of subscription updating mechanism.
    In new subscription mechanism SafeSquid product will get subscription information from the subscription server.
    If SafeSquid SWG product is unable to contact subscription server for 5 hours( failure timeout ), then SafeSquid will not handle any client requests.
    Some organizations reported the problem when DNS server failed.
    In this release failure timeout period of 5 hours is increased to 168 hours.

     

Bug fixes

  1. Bug Fix to prevent latency in outbound connections re-usability.
    A bug was discovered that caused SafeSquid to delay of reusing outbound connections due to bi-directional ssl_shutdown.
    In this release problem is been resolved by using proper closure mechanism of outbound connections.
     
  2. Memory leak in SafeSquid Subscription.
    The effect of this bug was visible in Subscription update process.
    In SafeSquid subscription update process some temporary information needs to be stored.
    However, it was noticed that process fails to return memory that it has obtained for temporary use.
    In this release problem is been resolved.
     
  3. Memory leak in SSL inspection.
    The effect of this bug was visible in SSL inspection process.
    A memory leak caused in SSL inspection process was identified due to incorrect session closure.
    Fixed issue in SSL inspection even if session is closed incorrectly.
     
  4. BugFix for accounting subscription information.
    This bug got "accidentally" introduced in earliest SWG releases and continued to exist in all subsequently released versions.
    Found that SafeSquid subscription accounting information was been calculated incorrectly.
    Fixed the problem to obtain user-name and connections details in user database.
     
  5. BugFix for a broken template functionality where users are been blocked due to inappropriate subscription handling.
    A bug was discovered that caused SafeSquid to send the template and block users which actually should not. This problem was with named and concurrent users subscription only.
    Consider a scenario where client had purchased named users subscription with 10 users. All 10 user details will be stored in database. When a new user which is not in database tries to surf will be blocked. A template of "already serving 10 users" will be send.
    The effect of this bug is visible when after blocking the new user, SafeSquid blocks and send the same template to all users present in database.
    In this release problem is been resolved.
     
  6. Bug Fix for socket connections lying in CLOSE_WAIT state.
    It was discovered that SafeSquid was not able to close the sockets which are waiting for SSL bi-directional shut-down. This causes Sockets to move to CLOSE_WAIT state. Due to this too many files remained open and system became unstable.
    Fixed issue to prevent sockets lying in CLOSE_WAIT state for long time.
     

NOTE:-
        Remove the certificates from security directory when pass phrase is modified.
        SafeSquid caches certificates generated for remote SSL servers. While storing certificates on disk,
        SafeSquid uses pass phrase configured in SSL inspection section. If pass phrase in SSL inspection
        section is modified then SafeSquid will not reload cached certificates.
        It is recommended to remove all the certificates from security directory
        (i.e. /opt/safesquid/bin/security) when pass phrase is modified.
 

The Link for SafeSquid for Linux SWG.2015.0509.1500.2 is-
       
SafeSquid_SWG_Conceptual_Edition_2015.0509.1500.2.exe