[squid-users] will multiple tls_outgoing_options lines be combined?
Amos Jeffries
squid3 at treenet.co.nz
Tue Jul 3 16:44:44 UTC 2018
On 04/07/18 01:45, Amish wrote:
>
> On Tuesday 03 July 2018 06:07 PM, Amos Jeffries wrote:
>
>>> Or will it pick only last (or first) option and internal defaults for
>>> rest?
>> Each option in the directive replaces previous values of that same
>> option.
>>
>> For example;
>>
>> tls_outgoing_options cipher=A cipher=B
>>
>> is the same as:
>>
>> tls_outgoing_options cipher=B
>>
>>
>> Since above you are setting different named option on every line, your
>> setup is equivalent to all the options being on one line.
>>
>>
>> However, Squid understands line wrapping. So this question is not very
>> useful. You could simplify even further like this:
>>
>> tls_outgoing_options \
>> cafile=/etc/ssl/cert.pem \
>> options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \
>> cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:....
>>
>
> Didn't know about line wrapping support.
>
> But my question is still useful in my case. Writing a small and quick sed
> script becomes easy.
Ah, you are thinking of automatic upgrades, right?
Watch out with that. The removal of SSLv2 settings (eg NO_SSLv2) at
times makes the new config directive halt with an OpenSSL unsupported
option error.
Amos
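
The merging rule and the SSLv2 caveat from this thread, as an added example that is not part of the original messages and is not Squid's own parser: it joins backslash-wrapped lines, collapses repeated tls_outgoing_options lines so a later value of an option replaces an earlier one, and lists any SSLv2 settings before an automated rewrite. The sample config, the function names and the splitting of options= values on "," or ":" are assumptions.

```python
import re

# Constructed sample config (not from the thread): options spread over
# several lines, repeated options, and one backslash-wrapped directive.
SAMPLE_CONF = """\
# constructed example
tls_outgoing_options cafile=/etc/ssl/cert.pem
tls_outgoing_options options=NO_SSLv2,NO_SSLv3 cipher=HIGH:MEDIUM
tls_outgoing_options \\
    cipher=HIGH:!aNULL \\
    options=NO_SSLv3,SINGLE_DH_USE
http_port 3128
"""

DIRECTIVE = "tls_outgoing_options"

def directive_tokens(text, directive=DIRECTIVE):
    """Yield (name, value) for every option of every `directive` line."""
    joined = re.sub(r"\\\r?\n", " ", text)      # undo backslash line wrapping
    for line in joined.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#") or tokens[0] != directive:
            continue
        for tok in tokens[1:]:
            name, _, value = tok.partition("=")
            yield name, value

def effective_options(text, directive=DIRECTIVE):
    """Merge all occurrences: a later value replaces an earlier value of the
    same option; differently named options accumulate."""
    merged = {}
    for name, value in directive_tokens(text, directive):
        merged[name] = value
    return merged

def one_line(merged, directive=DIRECTIVE):
    """Render the merged options as the single equivalent directive line."""
    parts = [f"{k}={v}" if v else k for k, v in merged.items()]
    return " ".join([directive] + parts)

def sslv2_settings(text, directive=DIRECTIVE):
    """List SSLv2 flags in any options= value, including overridden ones,
    so an upgrade script can stop and report instead of breaking startup."""
    return [flag for name, value in directive_tokens(text, directive)
            if name == "options"
            for flag in re.split(r"[,:]", value) if "SSLv2" in flag]

if __name__ == "__main__":
    print(one_line(effective_options(SAMPLE_CONF)))
    print("SSLv2 settings found:", sslv2_settings(SAMPLE_CONF))
```
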