On 04/07/18 01:45, Amish wrote: > > On Tuesday 03 July 2018 06:07 PM, Amos Jeffries wrote: > >>> Or will it pick only last (or first) option and internal defaults for >>> rest? >> Each option in the directive replaces previous values of that same >> option. >> >> For example; >> >> tls_outgoing_options cipher=A cipher=B >> >> is the same as: >> >> tls_outgoing_options cipher=B >> >> >> Since above you are setting different named option on every line, your >> setup is equivalent to all the options being on one line. >> >> >> However, Squid understands line wrapping. So this question is not very >> useful. You could simplify even further like this: >> >> tls_outgoing_options \ >> cafile=/etc/ssl/cert.pem \ >> options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \ >> cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:.... >> > > Didn't know about line wrapping support. > > But my question is still useful in my case. Writing small and quick sed > script becomes easy. Ah, you are thinking a automatic upgrades, right? Watch out with that. The removal of SSLv2 settings (eg NO_SSLv2) at times makes the new config directive halt with an OpenSSL unsupported option error. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
