[squid-users] How to restrict the maximum negotiated version of squid HTTPS to TLS1.2
赵 俊
jun357572957zhao at hotmail.com
Tue Apr 2 01:10:37 UTC 2019
Hi, this is part of my squid.conf:
https_port 192.168.30.4:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/squid/ssl_cert/CA.pem sslflags=NO_DEFAULT_CA
acl broken_sites ssl::server_name foo.com
acl ssl_step1 at_step SslBump1
ssl_bump peek ssl_step1
ssl_bump bump broken_sites
ssl_bump splice all
so how to restrict the maximum negotiated version of squid HTTPS to TLS1.2?
I also try configure like this:
https_port 192.168.30.4:3129 intercept ssl-bump connection-auth=off generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/squid/ssl_cert/CA.pem version=4
it did not work.
the access.log show TCP/TUNNEL 200
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190402/92341273/attachment.html>
More information about the squid-users
mailing list