On 6/10/20 1:35 pm, Nisa Balakrishnan wrote: > Hi, > > I am trying to allow access for only tls versions 1.2 and above on Squid > 3.5.20 > Note that "above 1.2" are not supported by that ancient version of Squid. Your test disables everything except SSLv1 code in the library. > For testing purposes, I have set options in squid config as follows. > > ``` > https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept > options=NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_2 > > sslproxy_options NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_2 > ``` > Support for all those options depends on the version, build options, and global config settings of the OpenSSL library being used. They are just flags Squid passes to the library on connection setup. FWIW 3.1.20 is over 4 years old and a huge amount of change has happened to TLS since then. Please try to upgrade to current Squid-4 stable, or for best SSL-Bump behaviour the current Squid-5 beta. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
