[squid-dev] [PATCH] RFC 6176 compliance
Amos Jeffries
squid3 at treenet.co.nz
Sun Nov 2 01:01:59 UTC 2014
On 2/11/2014 6:29 a.m., Kinkie wrote:
> assuming it works, +1. Shouldn't we also emit warnings when SSLv3
> is used due to POODLE?
I'm scoping this update specifically to RFC 6176.
The similar SSLv3 changes are to be done later.
Amos
>
> On Sat, Nov 1, 2014 at 3:51 AM, Amos Jeffries
> <squid3 at treenet.co.nz> wrote:
>
> RFC 6176 prohibits use of SSLv2.
> https://tools.ietf.org/html/rfc6176
>
> Remove the documentation and support for configuring Squid with
> SSLv2-only.
>
> Explicitly enable the SSL_NO_SSLv2 option when provided by the
> library to prevent implicit fallback.
>
> Remove support for ssloptions= values which are for SSLv2-specific
> bugs.
>
> Due to the way they are implemented with atoi() sslversion=N
> configuration will still accept the values for SSLv2-only. But the
> context creation will now unconditionally produce "SSLv2 not
> supported" errors if the now undocumented values are attempted.
>
> Amos
>
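The behaviour described in the quoted patch summary, as an added C++ sketch that is not part of this thread or of Squid's code: the atoi()-based parse still lets an SSLv2-only value through, and the context-creation step is what rejects it and sets the no-SSLv2 option. The option bit, the sslversion=N numbering and every function name here are assumptions made for illustration.

```cpp
#include <cstdlib>
#include <string>

// Hypothetical stand-in for the library's "no SSLv2" option bit
// (constructed value, not taken from any TLS library header).
constexpr unsigned long kNoSslv2 = 0x1UL;
// Assumption: the library in use provides that option.
constexpr bool kLibraryHasNoSslv2 = true;

// Assumed numbering for sslversion=N (not stated in the thread):
// 1 = automatic, 2 = SSLv2 only, higher values = later protocol versions.
enum { kAuto = 1, kSslv2Only = 2 };

// Parse step: atoi() performs no validation, so "2" and even "2junk"
// are accepted and yield the SSLv2-only value.
int parseSslVersion(const std::string &value) {
    return std::atoi(value.c_str());
}

struct ContextResult {
    bool ok;
    unsigned long options;
    std::string error;
};

// Context-creation step: refuse SSLv2-only regardless of what the parser
// accepted, and always add the no-SSLv2 bit so that negotiation cannot
// implicitly fall back to SSLv2.
ContextResult createContext(int version, unsigned long userOptions) {
    if (version == kSslv2Only)
        return {false, 0, "SSLv2 not supported"};
    unsigned long options = userOptions;
    if (kLibraryHasNoSslv2)
        options |= kNoSslv2;
    return {true, options, ""};
}

// Both steps applied to one configuration value.
ContextResult configure(const std::string &sslversion,
                        unsigned long userOptions = 0) {
    return createContext(parseSslVersion(sslversion), userOptions);
}
```

Because the rejection sits at the point of use, a configuration value that slips past the lenient parser still cannot produce an SSLv2 context.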