-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 15/12/2014 4:53 p.m., Alexander Samad wrote:
> does that need to be https_port ?
Not particularly when using SSL interception ("SSL-bump").
>
> this is what I have used
>
> https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt
> key=/e
does that need to be https_port ?
this is what I have used
https_port 2.7.3.1:443 accel cert=/etc/httpd/conf.d/a,b,c.crt
key=/etc/httpd/conf.d/a.b.c.key defaultsite=a.b.c
options=NO_SSLv2,NO_SSLv3
The only thing I haven't got working is PFS.
I test with https://www.ssllabs.com/
Alex
On 22 No
Thank you Amos,
I've implemented http_port 80 ssl-bump options=NO_SSLv3:NO_SSLv2
Yet still the proxy accepts SSLv3 connections in the sniffing protocol.
Something is still wrong.
Best regards
Sebastian
On 21.11.2014 16:29, Amos Jeffries wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 22/11/2014 3:57 a.m., Sebastian Fohler wrote:
> I've disabled SSLv3 with this option set in my squid.conf file:
>
> sslproxy_options NO_SSLv3 NO_SSLv2
>
> But despite that fact, the squid proxy accepted the configuration
> without any problems, I
I've disabled SSLv3 with this option set in my squid.conf file:
sslproxy_options NO_SSLv3 NO_SSLv2
But despite that fact, the squid proxy accepted the configuration
without any problems, I still get SSLv3 connections working.
I've sniffed the traffice on that interface on the proxy port and if
