Search squid archive

RE: Reverse Proxy SSL Options

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



fre 2010-03-19 klockan 10:09 -0500 skrev Dean Weimer:

> Thanks for the info that worked, almost, I added the following entries.
> 
> sslproxy_options NO_SSLv2
> sslproxy_cipher
> ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2

sslproxy_* options is the wrong place. You as you discovered you need to
set these SSL parameters in the https_port line.

sslproxy_* parameters control what Squid requires on outgoing SSL
connections it makes when forwarding an https:// URL and not using a
peer... I very much doubt you need to care about these. There is two
main situations when Squid forwards https:// URLs

  a) When requested by a client without native SSL support. I.e. old
versions of lynx.

  b) When using a redirector to rewrite http:// URLs into https://
without usign a browser redirect.

  C) an ssl reverse proxy configured with direct forwarding without
using cache_peer.

Regards
Henrik



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux