With SSL-bumping enabled, an unpatched version of Squid can crash with this error message:
!Comm::MonitorsRead assertion in HttpStateData::maybeReadVirginBody()
This bug is fixed in Squid version 5, which was a sponsored effort by the developers of Squid. There is an effort to get a bugfix into v4, which can be followed here.
There also is an unofficial backport of the v5 patch announced by Alex Rousskov here and attached here. It apparently fixes the crash (all my reproducible test cases were resolved by this patch, and I am not aware of side-effects). Some Linux distributions apply this patch to their packaged versions of Squid version 4, but unfortunately it is not included with Debian GNU/Linux 10 „buster“, which is the current stable release.
Until then, the following describes a simple way of creating a locally patched version of the squid package:
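apt -y install build-essential devscripts quilt
apt-get -y build-dep squid
apt-get source squid
# Enter the unpacked source tree (directory name depends on the packaged version)
cd squid-*/
# Note: -k disables TLS certificate verification; review the downloaded diff before importing it
curl -k 'https://bugs.squid-cache.org/attachment.cgi?id=3739' -o /tmp/4846.diff
quilt import /tmp/4846.diff
debchange --local "~patch" --no-auto-nmu \
  "Applied long term fix v4 take 2 for Squid bug 4864"
# Check debian/changelog
# Build the binary packages (unsigned)
debuild -b -uc -us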
This produces Debian packages of squid that can be installed using dpkg. The packages will have the local suffix „~patch1“ appended to their version. Change the value of the debchange option --local to control the version suffix. During the above procedure, check debian/changelog where indicated to see if the result meets your requirements.
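The curl -k step above skips TLS certificate verification, so the integrity of the patch rests on your own review of the downloaded file. The following shell functions are an added example, not part of the original procedure or of the Squid or Debian tooling: they compare the diff against a SHA-256 digest you recorded after reviewing it and reject diffs whose file headers point outside the source tree. The function names and the digest argument are assumptions.

```shell
#!/bin/sh
# Added example: gate a downloaded patch before running `quilt import`.
# The expected digest is whatever you recorded for the copy you reviewed;
# no real digest for the Squid attachment is given here.

# patch_sha256 FILE -> prints the hex SHA-256 digest of FILE
patch_sha256() {
    sha256sum "$1" | cut -d' ' -f1
}

# patch_paths FILE -> prints each path named in the diff's file headers.
# A "+++ " line counts as a header only when it directly follows a "--- " line.
# Paths containing whitespace are truncated at the first blank (assumption).
patch_paths() {
    awk '/^--- / { prev = 1; old = $2; next }
         prev && /^\+\+\+ / { print old; print $2 }
         { prev = 0 }' "$1" | grep -v '^/dev/null$' | sort -u
}

# check_patch FILE EXPECTED_SHA256
# Returns 0 only if the digest matches and no path is absolute or contains "..".
check_patch() {
    file=$1
    expected=$2
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(patch_sha256 "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
    for p in $(patch_paths "$file"); do
        case "$p" in
            /*|..|../*|*/../*|*/..)
                echo "path escapes source tree: $p" >&2
                return 1 ;;
        esac
    done
    return 0
}

# Stand-alone use: sh check_patch.sh /tmp/4846.diff <digest-you-recorded>
if [ "$#" -eq 2 ]; then
    check_patch "$1" "$2" && echo "patch OK, safe to quilt import"
fi
```

Run it between the curl and quilt import steps; a non-zero exit status means the file differs from the copy you reviewed or names a path outside the package tree.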