On 15/03/2012 8:41 p.m., Sébastien WENSKE wrote:
Hello Amos,
I probably did a mistake.... because I built openssl 10.0.1 in /lib_indep and specified the path in ./configure with "--with-openssl=/lib_indep/include/openssl"
Squid works well, but no change on SSL Lab Server Test: https://www.ssllabs.com/ssldb/analyze.html?d=webmail.wenske.fr
Looking at it Squid has no explicit support for TLSv1.1 or 1.2. But the
TLS/SSL auto-negotiate (https_port ... version=1) should be arranging
for it to appear. You might need to also set the
ssloptions=NO_SSLv2,NO_SSLv3,NO_TLSv1 for the new ones to show up though.
I have a patch you can try at
http://www.squid-cache.org/~amosjeffries/patches/squid-3.1_upgrade_TLSv12.patch
It adds support for the server/client methods and NO_TLSv1_* options to
help with your experimenting.
Amos
Cheers,
Sebastien W.
-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: mercredi 14 mars 2012 22:33
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: RE: TLS v1.2 support
On 15.03.2012 05:16, Sébastien WENSKE wrote:
OpenSSL 1.0.1 (not 10.0.1)
-----Original Message-----
From: Sébastien WENSKE [mailto:sebastien@xxxxxxxxx]
Sent: mercredi 14 mars 2012 17:14
To: squid-users@xxxxxxxxxxxxxxx
Subject: TLS v1.2 support
Hi guys,
OpenSSL 10.01 just released, it seems that it supports TLS v1.2.
Thanks for the heads-up.
What about Squid?
Squid supports whatever the library you build it with does.
About the only relevance a change like this has is if there are new options which we have to map from squid.conf to the OpenSSL API calls ("NO_TLSv11" or such.). Or if they do some more ABI-breaking alterations like the 1.0.0 c->d re-write had.
Amos
