On 12/11/18 11:05 PM, Martin Hoffmann wrote: > Thanks for your quick reply. > > Are your sure that tls-options *is working*? > Nope, as I said earlier it is not tested much. Just that it builds and passes the strings as-is to the library. It should "just work" since the library is doing all the lifting. The server connection side has had a bit more, testing that TLS version restriction worked there. > It seems that no matter what options I give to tls-options everything is > ignored: > > https_port 192.168.x.y:443 tls-cert=/path/cert.crt > tls-key=/path/cert.key tls-dh=/path/dhparams.pem > tls-options=NORMAL:-VERS-TLS1.0 accel defaultsite=my.domain.com > <http://my.domain.com> > > > I have even > tried tls-options=SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2 - but in > the end its all the same, TLS 1.0, 1.1 and 1.2 are enabled and all the > same cipher suites are active. Absolute identical to > omitting tls-options=... altogether. > > Any idea? > Hmm. Looking into it now. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
