[squid-users] renegotiation

Vieri rentorbuy at yahoo.com
Thu Feb 2 13:38:14 UTC 2017





----- Original Message -----
From: Amos Jeffries <squid3 at treenet.co.nz>
> Renegotiating to an insecure version or cipher set is an issue to be
> fixed by configuring tls-min-version=1.Y and tls-options= disabling
> unwanted ciphers etc.
> 
> The potential DoS related to renegotiation is now prevented by rate
> limiting.
> 
> The current generation of OpenSSL libraries (1.0+) all contain built-in
> protection from older forms of renegotiate that had other CVE issues.


Thanks again, Amos!


More information about the squid-users mailing list