[squid-users] Squid4 with GnuTLS - specify ciphers or disable protocols
Amos Jeffries
squid3 at treenet.co.nz
Tue Nov 13 06:22:12 UTC 2018
On 12/11/18 11:05 PM, Martin Hoffmann wrote:
> Thanks for your quick reply.
>
> Are you sure that tls-options *is working*?
>
Nope, as I said earlier it is not tested much. Just that it builds and
passes the strings as-is to the library. It should "just work" since the
library is doing all the lifting.
The server connection side has had a bit more, testing that TLS version
restriction worked there.
> It seems that no matter what options I give to tls-options everything is
> ignored:
>
> https_port 192.168.x.y:443 tls-cert=/path/cert.crt
> tls-key=/path/cert.key tls-dh=/path/dhparams.pem
> tls-options=NORMAL:-VERS-TLS1.0 accel defaultsite=my.domain.com
>
>
> I have even
> tried tls-options=SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2 - but in
> the end it's all the same, TLS 1.0, 1.1 and 1.2 are enabled and all the
> same cipher suites are active. Absolutely identical to
> omitting tls-options=... altogether.
>
> Any idea?
>
Hmm. Looking into it now.
Amos