[squid-users] Question squid on centos 6.5 and poodle
Alexander Samad
alex at samad.com.au
Fri Oct 17 06:24:14 UTC 2014
Hi
I am trying to reconfig the ssl setup on a reverse proxy set
https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/office.xyz.com.crt
key=/etc/httpd/conf.d/office.xyz.com.key
dhparams=/etc/httpd/conf.d/office.xyz.com.dhparam
defaultsite=office.yieldbroker.com options=NO_SSLv2,NO_SSLv3
cipher=ALL:!SSLv2:!SSLv3 at STRENGTH
But I only get a limited list of ciphers, completely different from
openssl ciphers 'ALL:!SSLv2:!SSLv3 at STRENGTH'
in fact it doesn't seem to look at the cipher option at all
and pointers on what I am doing wrong
right now I am left with
https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/office.xyz.com.crt
key=/etc/httpd/conf.d/office.xyz.com.key
dhparams=/etc/httpd/conf.d/office.xyz.com.dhparam
defaultsite=office.yieldbroker.com options=NO_SSLv2,NO_SSLv3
but https://www.ssllabs.com/ssltest/ gives me an A- .. no PFS.
thanks
Alex
More information about the squid-users
mailing list