[squid-dev] [PATCH] sslproxy_cert_sign_hash configuration option

Tsantilas Christos chtsanti at users.sourceforge.net
Wed Oct 1 16:48:12 UTC 2014


Browser vendors will get rid of SSL certificates that use SHA-1 to 
generate the hash that is then signed by the CA. For example, Google 
Chrome will start to show an "insecure" sign for certificates that are 
valid after 1.1.2016 and will generate a warning page for certificates 
that are valid after 1.1.2017 [1],[2],[4]. Microsoft will block 
certificates with SHA-1 after 1.1.2017 [3].

This patch:
   1) Adds a new configuration option to select the signing hash for
      generated certificates: sslproxy_cert_sign_hash.

   2) Uses the sha256 hash if sslproxy_cert_sign_hash is not set.


[1] https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/2-R4XziFc7A/YO0ZSrX_X4wJ
[2] https://code.google.com/p/chromium/issues/detail?id=401365
[3] http://blogs.technet.com/b/pki/archive/2013/11/12/sha1-deprecation-policy.aspx
[4] http://googleonlinesecurity.blogspot.ch/2014/09/gradually-sunsetting-sha-1.html


This is a Measurement Factory project
-------------- next part --------------
Attachment: trunk-Sign-with-SHA-256-t3.patch (text/x-patch, 25155 bytes)
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20141001/8517e9bb/attachment-0001.bin>
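The patch controls which hash the proxy's generated certificates are signed with. As an added check that is not part of the patch or of Squid, the stand-alone Python script below reads the outer signatureAlgorithm OID of a DER certificate so an operator can verify whether a generated certificate still carries a SHA-1 signature; the sample certificate bytes it builds are constructed skeletons, not real certificates.

```python
# Added audit helper (not from the patch or Squid): which hash signed a DER cert.
SIG_HASH = {                                 # signatureAlgorithm OID -> hash
    "1.2.840.113549.1.1.5": "sha1",          # sha1WithRSAEncryption
    "1.2.840.113549.1.1.11": "sha256",       # sha256WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",             # ecdsa-with-SHA1
    "1.2.840.10045.4.3.2": "sha256",         # ecdsa-with-SHA256
}

def _tlv(data, pos):
    """Parse one DER TLV at pos; return (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode DER OID content bytes into dotted form."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                     # last byte of a base-128 arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_hash(cert_der):
    """Hash name from the outer Certificate.signatureAlgorithm OID."""
    tag, body, _ = _tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, after_tbs = _tlv(body, 0)          # skip tbsCertificate
    _, alg, _ = _tlv(body, after_tbs)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _tlv(alg, 0)               # its first element is the OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    dotted = _decode_oid(oid)
    return SIG_HASH.get(dotted, "unknown:" + dotted)

def _der(tag, value):                        # short-form lengths only (< 128)
    return bytes([tag, len(value)]) + value

def sample_cert(oid_hex):
    """Constructed skeleton, not a real certificate: the three top-level
    Certificate fields only, with the given signatureAlgorithm OID."""
    tbs = _der(0x30, _der(0x02, b"\x01"))    # placeholder tbsCertificate
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, b"\x00" * 9))

SHA1_RSA_OID, SHA256_RSA_OID = "2a864886f70d010105", "2a864886f70d01010b"
print(signature_hash(sample_cert(SHA1_RSA_OID)),   # sha1: browsers will reject it
      signature_hash(sample_cert(SHA256_RSA_OID))) # sha256: the patch's default
```

On a real deployment, feed signature_hash() the DER bytes of a certificate the proxy handed to a client (for example, saved from the browser) to confirm the new option took effect.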