On 8/03/2012 8:34 p.m., Marcus Zoller wrote:
Hello guys, I am running squid as a reverse proxy and can't find a way to disable the support for client-initiated renegotiation. I have tested this using echo "R" | openssl s_client -connect xxxx:443 which returns RENEGOTIATING.
<snip>
I have found in src/ssl_support.cc that options is initialized with SSL_OP_ALL. The changelog from the openssl package says:
<snip>
I was unable to find anything like this within Squid's source, but from other posts I've seen that someone else already fixed this problem; unfortunately it is not clear how. So now I am wondering what I am doing wrong, or whether there is no support for disabling this functionality available?
We have it disabled by default starting with 3.2, but it was kept out of 3.1 so as not to break existing installations which may be depending on it.
Since you are self-building you can change that SSL_OP_ALL to a "0".

Amos
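
For re-testing a rebuilt proxy with the s_client command quoted above, this added example (not part of the original thread, and not Squid or OpenSSL project code) classifies the transcript by what follows the RENEGOTIATING line, since s_client prints that line itself when it sends the request, before the server has answered. The function names, the sample transcripts (constructed, not captured from a real server) and the choice of marker strings ("verify return:1" for a completed second handshake, ":error:" or "errno=" for a refusal) are assumptions of this example.

```shell
#!/bin/sh
# Classify an `openssl s_client` transcript read on stdin.
# Prints one of: not-attempted, refused, accepted, inconclusive.
classify_reneg() {
    awk '
        /^RENEGOTIATING/        { seen = 1; next }
        # OpenSSL error-queue lines (":error:") or socket errors ("errno=")
        # after the request mean the server did not complete the handshake.
        seen && /:error:|errno=/ { refused = 1 }
        # The certificate verify callback firing again means a second
        # handshake actually ran.
        seen && /verify return:1/ { accepted = 1 }
        END {
            if (!seen)         print "not-attempted"
            else if (refused)  print "refused"
            else if (accepted) print "accepted"
            else               print "inconclusive"
        }'
}

# Live check using the command from the post; host:port is supplied by
# the caller. RENEGOTIATING goes to stderr, hence 2>&1.
check_reneg() {
    echo "R" | openssl s_client -connect "$1" 2>&1 | classify_reneg
}

# Constructed sample transcripts (abbreviated, not real captures).
sample_accepted='CONNECTED(00000003)
---
RENEGOTIATING
depth=0 CN = proxy.example.test
verify error:num=18:self signed certificate
verify return:1'

sample_refused='CONNECTED(00000003)
---
RENEGOTIATING
write:errno=104'

sample_bare='CONNECTED(00000003)
---
RENEGOTIATING'
```

A result of "inconclusive" means the transcript stopped at RENEGOTIATING with no evidence either way, so the test should be repeated with the connection held open long enough for the server to respond.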