[squid-dev] [PATCH] RFC 6176 compliance

Kinkie gkinkie at gmail.com
Sat Nov 1 17:29:46 UTC 2014


Assuming it works, +1.
Shouldn't we also emit warnings when SSLv3 is used due to POODLE?

On Sat, Nov 1, 2014 at 3:51 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> RFC 6176 prohibits use of SSLv2.
> https://tools.ietf.org/html/rfc6176
>
> Remove the documentation and support for configuring Squid with
> SSLv2-only.
>
> Explicitly enable the SSL_NO_SSLv2 option when provided by the library
> to prevent implicit fallback.
>
> Remove support for ssloptions= values which are for SSLv2-specific bugs.
>
> Due to the way they are implemented with atoi(), sslversion=N
> configuration will still accept the values for SSLv2-only. But the
> context creation will now unconditionally produce "SSLv2 not
> supported" errors if the now undocumented values are attempted.
>
> Amos



-- 
    Francesco
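
Added example, not part of the original thread and not Squid's code: a sketch of the parsing caveat in the quoted message, where an atoi()-based sslversion=N still accepts the SSLv2-only value and the failure only shows up at context creation. It contrasts that with a strict parse that rejects at configuration time and warns on SSLv3-only, as the reply suggests. The version numbering and the function names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed numbering for illustration only; the thread does not list the values. */
enum { VER_AUTO = 1, VER_SSLV2 = 2, VER_SSLV3 = 3, VER_MAX = 6 };

/* Lenient parse as described in the message: atoi() accepts "2" and also
 * "2abc", so the SSLv2-only value survives until context creation. */
static int parse_version_atoi(const char *s) { return atoi(s); }

/* Strict parse (hypothetical helper): the whole string must be a number in
 * range and must not select SSLv2. Returns 0 and stores the version on
 * success, -1 on rejection. */
static int parse_version_strict(const char *s, int *out)
{
    char *end = NULL;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE)
        return -1;                        /* empty, trailing junk, overflow */
    if (v < VER_AUTO || v > VER_MAX)
        return -1;                        /* outside the assumed range */
    if (v == VER_SSLV2) {
        fprintf(stderr, "sslversion=%ld: SSLv2 not supported (RFC 6176)\n", v);
        return -1;
    }
    if (v == VER_SSLV3)
        fprintf(stderr, "WARNING: sslversion=%ld selects SSLv3 only (POODLE)\n", v);
    *out = (int)v;
    return 0;
}

int main(void)
{
    const char *samples[] = { "2", "2abc", "3", "4", "", "99" }; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        int v = 0;
        int rc = parse_version_strict(samples[i], &v);
        printf("%-6s atoi=%d strict=%s\n", samples[i],
               parse_version_atoi(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```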

