[squid-users] howto disable tls compression when using sslbump in squid-3.5.5 between squid and https webserver ?
Amos Jeffries
squid3 at treenet.co.nz
Tue Jun 9 15:17:20 UTC 2015
On 10/06/2015 2:33 a.m., Dieter Bloms wrote:
> Hello,
>
> I use squid 3.5.5 and use the sslbump feature.
> When I activate sslbump, the browsertest on www.ssllabs.com
> ( https://www.ssllabs.com/ssltest/viewMyClient.html )
> says TLS compression is activated and insecure.
> I use openssl 1.0.1m on my proxyserver
>
> I tried some settings like:
>
> sslproxy_flags No_Compression
>
> but squid claims "FATAL: Unknown ssl flag 'No_Compression'".
>
> Is it possible to disable TLS compression for the connection from squid
> to the webserver when sslbump is used ?
>
That is an OpenSSL library option. Use it in sslproxy_options.
Amos
More information about the squid-users
mailing list