[squid-users] howto disable tls compression when using sslbump in squid-3.5.5 between squid and https webserver ?

Amos Jeffries squid3 at treenet.co.nz
Tue Jun 9 15:17:20 UTC 2015


On 10/06/2015 2:33 a.m., Dieter Bloms wrote:
> Hello,
> 
> I use squid 3.5.5 and use the sslbump feature.
> When I activate sslbump, the browsertest on www.ssllabs.com
> ( https://www.ssllabs.com/ssltest/viewMyClient.html )
> says TLS compression is activated and insecure.
> I use openssl 1.0.1m on my proxyserver
> 
> I tried some settings like:
> 
> sslproxy_flags No_Compression
> 
> but squid claims "FATAL: Unknown ssl flag 'No_Compression'".
> 
> Is it possible to disable TLS compression for the connection from squid
> to the webserver when sslbump is used ?
> 

That is an OpenSSL library option. Use it in sslproxy_options.

Amos



More information about the squid-users mailing list