Hello guys,

I have set up a squid as SSL reverse proxy, it works very fine. I have checked SSL security against Qualys and they report to me that the server is vulnerable to MITM attacks because it supports insecure renegotiation.

Here is my SSL-related configuration:

https_port xx.xx.xx.xx:443 cert=/etc/squid/ssl/RapidSSL_xxx.xxxxxxx.xx.crt key=/etc/squid/ssl/RapidSSL_xxx.xxxxxxx.xx.key options=NO_SSLv2 cipher=RSA: HIGH:!eNULL:!aNULL:!LOW:!RC4 RSA:!RC2 RSA:!EXP:!ADH accel ignore-cc defaultsite=xxx.xxxxxxxx.xx vhost
[...]
cache_peer 10.x.x.x parent 80 0 front-end-https=on name=sw01 no-query originserver default login=PASS no-digest
[...]
ssl_unclean_shutdown on
[...]

Is it OpenSSL related or squid configuration?

Many thanks,
Sebastian