Search squid archive

Re: Disable SSLv3 on Squid doesn't seem to work

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 15/12/2014 4:53 p.m., Alexander Samad wrote:
> does that need to be https_port ?

Not particularly when using SSL interception ("SSL-bump").

> 
> this is what  I have used
> 
> https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt 
> key=/etc/httpd/conf.d/a.b.c.key defaultsite=a.b.c 
> options=NO_SSLv2,NO_SSLv3
> 
> The only thing I haven't got working is PFS.
> 
> I test with https://www.ssllabs.com/
> 
> Alex
> 
> On 22 November 2014 at 03:07, Sebastian Fohler wrote:
>> Thank you Amos,
>> 
>> I've implemented http_port 80 ssl-bump options=NO_SSLv3:NO_SSLv2 
>> Yet still the proxy accepts SSLv3 connections in the sniffing
>> protocol.
>> 
>> Something is still wrong.


Is that actually SSLv3 protocol values going across or just TLS 1.x
using "ssl3" format for the handshakes?

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJUjmBGAAoJELJo5wb/XPRjoqEIAJUiy/c2NKpMFc11ErupOzU5
1B0zkL8KPxe5AADO8A+6FKTgNkxQXOnjl6DyTs922CgWkd2JJg8nd55aMJeo4Lqc
OH9/HZ9xHni/beA9sAcb8CEBD5i96JLOuZFO/clFF517W4O+5aqjFzNPmJ1Ca3Ny
Z59C3SIzHQnP5ueNVjSRmZ41Ut4SARf4qs/aBhco+bAT9hV4hrTXeSdPdAMjK34V
Z2I4xx3XCf/zSogyQYEkmTR1MuAXPkR6BaAUCaAIqPBfzgtRu/3vAoLQCTshJJaC
+DzqAZ4voLmS2v9N63ysCb4hm65p4M6iRpWyjGzBiGVoU7QFHplnr79WgxfGJ3k=
=lV8u
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux