-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Just for example: openssl dhparam -outform PEM -out dhparam.pem 2048 09.02.16 23:46, Sebastien.Boulianne@xxxxxx пишет: > Hi, > > Thanks you very much for your answer. > It's very appreciated. > > Can you give me a hint how to generate a dhparam key please ? > > I saw this link. > Should it works ? > > https://www.howtoforge.com/tutorial/how-to-protect-your-debian-and-ubuntu-server-against-the-logjam-attack/ > or > ## Create a DH parameter (key size is 1024 bits) > $ openssl dHParam -outform PEM -out dHParam.pem 1024 > > Which file does it uses as input ? > > Thanks. > > -----Message d'origine----- > De : dweimer [mailto:dweimer@xxxxxxxxxxx] Envoyé : 9 février 2016 08:53 À : Sebastien Boulianne <Sebastien.Boulianne@xxxxxx> Cc : squid-users@xxxxxxxxxxxxxxxxxxxxx Objet : Re: Question about my SSL test > > On 2016-02-09 7:38 am, Sebastien.Boulianne@xxxxxx wrote: > >> Hi, >> >> I did a SSL test and I have some questions. >> >> The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and >> vulnerable. >> >> Is it a way to block that with Squid ? >> >> How can I disable thosed protocols ? Server side or Squid side ? >> >> Thanks for your answer guys. >> >> Sébastien > > Adjust your https_port line, adding options=NO_SSLv3 will remove poodle vulnerability, and adding !RC4 to the ciphers= will fix the RC4 message. > > Also, just an FYI, I have this setup on ours, which passed PCI compliance scan as of last run. > > > options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE \ > dhparams=/usr/local/etc/squid/dh.param \ > cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!RC4 > > See here <https://www.openssl.org/docs/manmaster/apps/dhparam.html> for info on creating a dh.param file. > > See here <http://www.squid-cache.org/Doc/config/https_port/> for more info on the https_port line options. > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWui+iAAoJENNXIZxhPexGkV8IAMu+a0NPC20KfGLfw2cWbF+a 5d97idY5mWcZRyaxydavgRf66C0mBTVe5dlGSf1/w6rCpghraIAg2Yd/F4wEBxba xOsxyqe3IZnq1tzbpN4bTk+MG04miIe8qTSYt1A3K75NXWSy6U9o6gsNA8HTbn88 AQpJkiJH4LHCeSTwkpSbgt1OxxPtxOapPIWojGRZYLPlxg6YSdkWW17Pai8vIz+x j571bejHd24u/9zz4NmiwY/MrlHFDtOyE9WBE/xVjhVQz+xQ5zp0j+hVA1WD3Q2M 7tAD1TdECCQyLGyUy5mb18Pwk0ckad2DQkHW5mrlrCuuA49krtJMDQrceiAf0as= =+H2B -----END PGP SIGNATURE-----
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
