I just updated to Squid 3.5.6, and after running the Qualys SSL Labs test it
still lists my server as supporting Secure Client-Initiated
Renegotiation and potentially being vulnerable to CVE-2009-3555, which
the patch
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13849.patch>
included in the 3.5.6 change list is described as hardening against. Is
there an option I need to add to the https_port setting in my squid.conf
file to correctly make use of this?
Currently running with the following options specified:
options=NO_SSLv2:NO_SSLv3:CIPHER_SERVER_PREFERENCE \
cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!SSLv2:!RC4 \
The system is running on FreeBSD 10.1-RELEASE-p14, using the OpenSSL included in
base FreeBSD.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/