On 10/11/18 7:04 AM, Martin Hoffmann wrote:
> I'm using squid 4.4 as remote proxy for an https server.
> Squid 4.4 comes from Debian testing and is compiled with --with-gnutls
> (no openssl support).
>
> How can I disable certain cipher suites or protocols (like TLS 1.0) ?
>
> From my understandi
On 10/11/18 3:15 PM, Michael Pelletier wrote:
> Perhapse your Squid has been patched to remove it ?
>
> I am running 3.5.28. I have not installed any patches.
>
> Perhapse you are looking at the wrong headers ?
> X-Forwarded-For is only added to the request headers sent to servers.
>
> Yes. The
Perhapse your Squid has been patched to remove it ?
I am running 3.5.28. I have not installed any patches.
Perhapse you are looking at the wrong headers ?
X-Forwarded-For is only added to the request headers sent to servers.
Yes. The XFF should be added to the request header and be seen by the
On 10/11/18 9:05 AM, Michael Pelletier wrote:
> Hello,
> I am running squid 3.5.28 and for some reason I can not get
> X-Forwarded-For added to the http headers. I have "forwarded_for on" and
> "via on" set in the squid.conf. Any ideas why this will not work?
>
Perhapse your Squid has been patche
Hello,
I am running squid 3.5.28 and for some reason I can not get X-Forwarded-For
added to the http headers. I have "forwarded_for on" and "via on" set in
the squid.conf. Any ideas why this will not work?
--
*Disclaimer: *Under Florida law, e-mail addresses are public records.
If you do n
I'm using squid 4.4 as remote proxy for an https server.
Squid 4.4 comes from Debian testing and is compiled with --with-gnutls (no
openssl support).
How can I disable certain cipher suites or protocols (like TLS 1.0) ?
>From my understanding I should add tls-min-version=1.1 to https_port - but
t
> FYI: By placing that "all" ACL (or any other non-authentication ACL) at
> the end of your access line you are currently making Squid *not* fetch
> credentials from users.
>
> If the UA/Browser is so insecurely configured that it broadcasts user
> credentials out to the network without being aske
