[squid-users] Disable SSLv3 on Squid doesn't seem to work
Amos Jeffries
squid3 at treenet.co.nz
Mon Dec 15 04:15:02 UTC 2014
On 15/12/2014 4:53 p.m., Alexander Samad wrote:
> does that need to be https_port ?
Not particularly when using SSL interception ("SSL-bump").
>
> this is what I have used
>
> https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt
> key=/etc/httpd/conf.d/a.b.c.key defaultsite=a.b.c
> options=NO_SSLv2,NO_SSLv3
>
> The only thing I haven't got working is PFS.
>
> I test with https://www.ssllabs.com/
>
> Alex
>
> On 22 November 2014 at 03:07, Sebastian Fohler wrote:
>> Thank you Amos,
>>
>> I've implemented http_port 80 ssl-bump options=NO_SSLv3:NO_SSLv2
>> Yet still the proxy accepts SSLv3 connections in the sniffing
>> protocol.
>>
>> Something is still wrong.
Is that actually SSLv3 protocol values going across or just TLS 1.x
using "ssl3" format for the handshakes?
Amos
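Added example, not part of the original thread and not Squid code: a minimal Python parser for the check Amos asks about, separating the record-layer version from the version carried in the hello message itself. The function names and sample records are constructed for illustration; only a ServerHello carrying 0x0300 means SSLv3 was actually negotiated.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}


def inspect_hello(record: bytes) -> dict:
    """Parse one SSLv3/TLS record that holds a ClientHello or ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 22:  # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if length < 6 or len(body) < length:  # 4-byte handshake header + 2-byte version
        raise ValueError("truncated handshake message")
    if body[0] not in HELLO_TYPES:
        raise ValueError("handshake message is not a hello")
    hello_version = struct.unpack("!H", body[4:6])[0]
    return {
        "message": HELLO_TYPES[body[0]],
        "record_layer": VERSIONS.get(record_version, hex(record_version)),
        "hello_version": VERSIONS.get(hello_version, hex(hello_version)),
        # The server's choice decides the protocol, not the record framing.
        "sslv3_negotiated": body[0] == 2 and hello_version == 0x0300,
    }


def build_hello(hs_type: int, record_version: int, hello_version: int) -> bytes:
    """Build a minimal constructed hello: version, zero random, empty session id."""
    payload = struct.pack("!H", hello_version) + bytes(32) + b"\x00"
    if hs_type == 1:
        payload += b"\x00\x02\x00\x2f\x01\x00"  # one cipher suite, null compression
    else:
        payload += b"\x00\x2f\x00"  # chosen cipher suite, null compression
    handshake = bytes([hs_type]) + len(payload).to_bytes(3, "big") + payload
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake


# Constructed samples (not captured traffic).
CLIENT_TLS12_IN_SSL3_RECORD = build_hello(1, 0x0300, 0x0303)  # "ssl3" framing, offers TLS 1.2
SERVER_TLS12 = build_hello(2, 0x0303, 0x0303)
SERVER_SSLV3 = build_hello(2, 0x0300, 0x0300)  # genuine SSLv3 negotiation

if __name__ == "__main__":
    for sample in (CLIENT_TLS12_IN_SSL3_RECORD, SERVER_TLS12, SERVER_SSLV3):
        print(inspect_hello(sample))
```
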