Search squid archive

Re: Squid4 with GnuTLS - specify ciphers or disable protocols

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/11/18 11:05 PM, Martin Hoffmann wrote:
> Thanks for your quick reply.
> 
> Are your sure that tls-options *is working*?
> 

Nope, as I said earlier it is not tested much. Just that it builds and
passes the strings as-is to the library. It should "just work" since the
library is doing all the lifting.

The server connection side has had a bit more, testing that TLS version
restriction worked there.


> It seems that no matter what options I give to tls-options everything is
> ignored:
> 
> https_port 192.168.x.y:443 tls-cert=/path/cert.crt
> tls-key=/path/cert.key tls-dh=/path/dhparams.pem
> tls-options=NORMAL:-VERS-TLS1.0 accel defaultsite=my.domain.com
> <http://my.domain.com>
> 
> 
> I have even
> tried tls-options=SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2  - but in
> the end its all the same, TLS 1.0, 1.1 and 1.2 are enabled and all the
> same cipher suites are active. Absolute identical to
> omitting tls-options=... altogether.
> 
> Any idea?
> 

Hmm. Looking into it now.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux