RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

Thanks Dean,

I have tried to compile with openssl 10.0.0a, but I get the same result... even with sslproxy_ directives.

Can you check your server on https://www.ssllabs.com/ssldb/index.html just to see....

In my case:

browser <--- HTTPS ----> reverse proxy (squid 3.1.9) <---- HTTP -----> OWA 2010 (IIS 7.5)

Maybe I am missing something; how can I see which version of openssl is used in squid?

Thanks,

Sebastian.

-----Original Message-----
From: Dean Weimer [mailto:dweimer@xxxxxxxxxxxx]
Sent: Monday, 15 November 2010 16:42
To: Sébastien WENSKE
Subject: RE: RE :  [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

It was at the bottom - I deleted everything else, see below.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co

I have squid compiled from source against Openssl 1.0.0a, with the following options set:

https_port x.x.x.x:443 accel cert=xxx.crt key=xxx.key defaultsite=xxx.xxxx.xxx vhost options=NO_SSLv2 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2
sslproxy_options NO_SSLv2
sslproxy_cipher ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2

It passes the entire test from our PCI (Payment Card Industry) site certification scans. The options and ciphers are set both on the https_port line and on individual lines; not sure if both or only one are required.
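
Added example, not part of either message: a local check for the two questions in this thread, namely which OpenSSL library the squid binary loads at run time and whether a listener reports RFC 5746 secure renegotiation. The squid path, the function names and all sample text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample text below is constructed, not captured from a real server.

# Classify the renegotiation line that `openssl s_client` prints after a handshake.
# The line reports whether the peer sent the RFC 5746 renegotiation_info extension.
reneg_status() {
    case "$1" in
        *"Secure Renegotiation IS NOT supported"*) echo not-supported ;;
        *"Secure Renegotiation IS supported"*)     echo supported ;;
        *)                                         echo unknown ;;
    esac
}

# List the OpenSSL shared libraries named in `ldd` output as "soname path".
# A statically linked binary prints nothing here.
linked_ssl_libs() {
    printf '%s\n' "$1" | awk '/libssl|libcrypto/ { print $1, $3 }'
}

# Live wrappers, defined but not run here. SQUID_BIN is an assumed install path.
check_host()  { reneg_status "$(openssl s_client -connect "$1:${2:-443}" </dev/null 2>/dev/null)"; }
check_squid() { linked_ssl_libs "$(ldd "${SQUID_BIN:-/usr/local/squid/sbin/squid}")"; }

# Constructed s_client excerpts.
SAMPLE_PATCHED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS supported'
SAMPLE_UNPATCHED='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported'

# Constructed ldd excerpt: the soname shows which library is loaded at run time,
# which can differ from the version the source tree was configured against.
SAMPLE_LDD='    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f0000000000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f0000200000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000400000)'

echo "patched listener:   $(reneg_status "$SAMPLE_PATCHED")"
echo "unpatched listener: $(reneg_status "$SAMPLE_UNPATCHED")"
echo "libraries loaded by the sample binary:"
linked_ssl_libs "$SAMPLE_LDD"
```

On the proxy host, `check_squid` and `check_host <name> 443` run the same parsing against the installed binary and the live https_port listener.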


