On 2013-08-01 13:00, PSA4444 wrote:
I run some websites behind a squid reverse proxy with SSL enabled.
I ran the free SSL Labs assessment on it and found the following
problems:
https://www.ssllabs.com/ssltest/
SSL_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) WEAK 40
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK 40
SSL_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
How can I disable these weak cipher suites?
http://www.squid-cache.org/Doc/config/https_port/
Use the cipher= option on your https_port to set an explicit set of
ciphers which are to be supported there.
It takes the usual TLSv1:!SSLv2:RC4!aNULL:!eNULL:!3DES style of syntax.
I also want to disable TLS compression.
I'm not certain about on this one. It may be an option= parameter
available, or something needed in the openssl system-wide config file.
Amos