[squid-dev] [PATCH] Crypto-NG: Use Security::PeerOptions for listening port TLS settings
Alex Rousskov
rousskov at measurement-factory.com
Tue Jun 30 22:11:08 UTC 2015
On 06/30/2015 09:27 AM, Amos Jeffries wrote:
> * Change the tls_outgoing_options default value from "disable" which did
> not parse previously (now does). To setting TLS/1.0 minimum version with
> SSLv3 disabled.
> NAME: tls_outgoing_options
...
> -DEFAULT: disable
> +DEFAULT: min-version=1.0 options=NO_SSLv3
Does this change mean that Squid can no longer talk to SSLv3-only sites
unless the admin manually adjusts tls_outgoing_options to include SSLv3
support?
> * Fix tls-min-version=1.N handling not to alter stored options= config
> string. Now updates the binary representation in parsedOptions directly.
Can you describe this bug from the admin point of view? That is, what
Squid trunk behavior was broken that this patch fixes?
> - ssl_error = ERR_get_error();
> + int ssl_error = ERR_get_error();
Minor: You can make all(?) of the redeclared ssl_error variables
constant. Just something I accidentally noticed -- I did not review the
whole patch.
Thank you,
Alex.
More information about the squid-dev
mailing list