-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 15/12/2014 4:53 p.m., Alexander Samad wrote: > does that need to be https_port ? Not particularly when using SSL interception ("SSL-bump"). > > this is what I have used > > https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt > key=/etc/httpd/conf.d/a.b.c.key defaultsite=a.b.c > options=NO_SSLv2,NO_SSLv3 > > The only thing I haven't got working is PFS. > > I test with https://www.ssllabs.com/ > > Alex > > On 22 November 2014 at 03:07, Sebastian Fohler wrote: >> Thank you Amos, >> >> I've implemented http_port 80 ssl-bump options=NO_SSLv3:NO_SSLv2 >> Yet still the proxy accepts SSLv3 connections in the sniffing >> protocol. >> >> Something is still wrong. Is that actually SSLv3 protocol values going across or just TLS 1.x using "ssl3" format for the handshakes? Amos -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) iQEcBAEBAgAGBQJUjmBGAAoJELJo5wb/XPRjoqEIAJUiy/c2NKpMFc11ErupOzU5 1B0zkL8KPxe5AADO8A+6FKTgNkxQXOnjl6DyTs922CgWkd2JJg8nd55aMJeo4Lqc OH9/HZ9xHni/beA9sAcb8CEBD5i96JLOuZFO/clFF517W4O+5aqjFzNPmJ1Ca3Ny Z59C3SIzHQnP5ueNVjSRmZ41Ut4SARf4qs/aBhco+bAT9hV4hrTXeSdPdAMjK34V Z2I4xx3XCf/zSogyQYEkmTR1MuAXPkR6BaAUCaAIqPBfzgtRu/3vAoLQCTshJJaC +DzqAZ4voLmS2v9N63ysCb4hm65p4M6iRpWyjGzBiGVoU7QFHplnr79WgxfGJ3k= =lV8u -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users