
Reverse Proxy and SSL client side renegotiation


Hello all, I have configured squid 3.3.8 (CentOS 7 rpm) as an SSL reverse proxy which works fine. However, I would like to make it as secure as possible. The SSLLabs test showed
"Secure Client-Initiated Renegotiation Supported   DoS DANGER (more info)"

I found an old thread here where it was suggested it depends on the default of the OpenSSL library installed and that on compiling squid, you can disable this option by specifying SSL_OP_ALL=0. However I would like to stick to the RPM if possible.
Is there a way to disable this via a configuration option? I tried to pass options=!ALL in the config but then no SSL connection is possible as the peers do not find any common cipher....

I have put together everything else to get a secure SSL connection which also gets an A grade in the Qualys SSL test. I will post it here when it is done and I will also put it on the squid wiki.

Best regards,
Jakob Curdes

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
