Search squid archive

Re: sslproxy_options on squid 3.5.20

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 6/10/20 1:35 pm, Nisa Balakrishnan wrote:
> Hi,
> 
> I am trying to allow access for only tls versions 1.2 and above on Squid
> 3.5.20
> 

Note that "above 1.2" are not supported by that ancient version of
Squid. Your test disables everything except SSLv1 code in the library.


> For testing purposes, I have set options in squid config as follows.
> 
> ```
> https_port 3130 cert=/etc/squid/ssl/squid.pem ssl-bump intercept
> options=NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_2
> 
> sslproxy_options NO_SSLv2,NO_SSLv3,NO_TLSv1,NO_TLSv1_2
> ```
> 

Support for all those options depends on the version, build options, and
global config settings of the OpenSSL library being used. They are just
flags Squid passes to the library on connection setup.


FWIW 3.1.20 is over 4 years old and a huge amount of change has happened
to TLS since then. Please try to upgrade to current Squid-4 stable, or
for best SSL-Bump behaviour the current Squid-5 beta.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux