Oooooops......

09.02.16 23:46, Sebastien.Boulianne@xxxxxx wrote:
> Hi,
>
> Thank you very much for your answer.
> It's very appreciated.
>
> Can you give me a hint how to generate a dhparam key please?
>
> I saw this link.
> Should it work?
>
> https://www.howtoforge.com/tutorial/how-to-protect-your-debian-and-ubuntu-server-against-the-logjam-attack/
> or
> ## Create a DH parameter (key size is 1024 bits)
> $ openssl dhparam -outform PEM -out dHParam.pem 1024
>
> Which file does it use as input?

It has no input. DH parameters will be generated by openssl. Also, 1024 may be too small a value. Use 2048, but remember: often DH generation and, especially, their screening can take much time.

>
> Thanks.
>
> -----Original Message-----
> From: dweimer [mailto:dweimer@xxxxxxxxxxx]
> Sent: February 9, 2016 08:53
> To: Sebastien Boulianne <Sebastien.Boulianne@xxxxxx>
> Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
> Subject: Re: Question about my SSL test
>
> On 2016-02-09 7:38 am, Sebastien.Boulianne@xxxxxx wrote:
>
>> Hi,
>>
>> I did a SSL test and I have some questions.
>>
>> The SSL test notified me that POODLE (SSLv3), RC4 are enabled or/and
>> vulnerable.
>>
>> Is there a way to block that with Squid?
>>
>> How can I disable those protocols? Server side or Squid side?
>>
>> Thanks for your answer guys.
>>
>> Sébastien
>
> Adjust your https_port line, adding options=NO_SSLv3 will remove poodle vulnerability, and adding !RC4 to the ciphers= will fix the RC4 message.
>
> Also, just an FYI, I have this setup on ours, which passed PCI compliance scan as of last run.
>
> options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE \
> dhparams=/usr/local/etc/squid/dh.param \
> cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!RC4
>
> See here <https://www.openssl.org/docs/manmaster/apps/dhparam.html> for info on creating a dh.param file.
>
> See here <http://www.squid-cache.org/Doc/config/https_port/> for more info on the https_port line options.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
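
A way to check a squid.conf for the three settings discussed in this thread (options=NO_SSLv3, !RC4 in cipher=, and a dhparams= file), as an added example that is not part of the original messages or of Squid itself. The sample lines, port and certificate path are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample directives (port and certificate path are made up).
WEAK = "https_port 443 accel cert=/etc/squid/example.pem\n"
HARDENED = (
    "https_port 443 accel cert=/etc/squid/example.pem \\\n"
    "    options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE \\\n"
    "    dhparams=/usr/local/etc/squid/dh.param \\\n"
    "    cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!RC4\n"
)


def https_port_lines(config_text):
    """Yield each https_port directive with backslash continuations joined."""
    joined = re.sub(r"\\\r?\n", " ", config_text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("https_port"):
            yield line


def audit_https_port(directive):
    """Return the findings for one https_port directive (empty list = OK)."""
    params = {}
    for token in directive.split()[1:]:
        key, sep, value = token.partition("=")
        if sep:
            params[key] = value
    findings = []
    # POODLE: SSLv3 must be switched off in options=
    if "NO_SSLv3" not in params.get("options", "").split(":"):
        findings.append("options= lacks NO_SSLv3")
    # RC4 must be explicitly excluded from the cipher list
    if "!RC4" not in params.get("cipher", "").split(":"):
        findings.append("cipher= does not exclude RC4 (!RC4)")
    # A DH parameter file is needed for the DH settings in the thread
    if "dhparams" not in params:
        findings.append("no dhparams= file configured")
    return findings


def audit(config_text):
    """Map each https_port's port to its list of findings."""
    return {d.split()[1]: audit_https_port(d) for d in https_port_lines(config_text)}


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text))
```
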