Search squid archive

Re: Squid 3.2.1 Reverse Proxy SSL Security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2013-08-01 13:00, PSA4444 wrote:
I run some websites behind a squid reverse proxy with SSL enabled.

I ran the free SSL Labs assessment on it and found the following problems:

https://www.ssllabs.com/ssltest/

SSL_RSA_EXPORT_WITH_RC4_40_MD5 (0x3)   WEAK	40
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6)   WEAK	40
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8)   WEAK	40
SSL_RSA_WITH_DES_CBC_SHA (0x9)   WEAK	56


How can I disable these weak cipher suites?


http://www.squid-cache.org/Doc/config/https_port/

Use the cipher= option on your https_port to set an explicit set of ciphers which are to be supported there.

It takes the usual TLSv1:!SSLv2:RC4!aNULL:!eNULL:!3DES style of syntax.


I also want to disable TLS compression.


I'm not certain about on this one. It may be an option= parameter available, or something needed in the openssl system-wide config file.

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux