I think I have managed to track this down. It seems to be a side effect
of the session management being designed for OpenSSL where the context
implicitly shares details in the library between sessions linked to that
context. Under GnuTLS the sessions generated by clients connecting are
not inheriti
Sorry my fault. Using the correct configure options makes OpenSSL support
indeed work :-) Thanks for pointing me to that. I will again try with
GnuTLS after getting everything up and running with OpenSSL.
Regards, Martin.
On Tue, 18 Dec 2018 at 19:44, Amos Jeffries <
squ...@treenet.c
On 19/12/18 3:44 am, Martin Hoffmann wrote:
> Thanks that would be fine.
> However meanwhile I have recompiled squid 4.4 with OpenSSL support
> (added --enable-ssl
Which does not exist any longer.
> and --with-open-ssl=xxx
Which never existed at all.
The ./configure option name is " --with-op
Thanks that would be fine.
However meanwhile I have recompiled squid 4.4 with OpenSSL support
(added --enable-ssl
and --with-open-ssl=xxx and removed --with-gnutls to debian/rules) just to
end with the same problems - I cannot seem to find how to disable certain
protocols or ciphers with squid 4.4
On 12/11/18 11:05 PM, Martin Hoffmann wrote:
> Thanks for your quick reply.
>
> Are you sure that tls-options *is working*?
>
Nope, as I said earlier it is not tested much. Just that it builds and
passes the strings as-is to the library. It should "just work" since the
library is doing all the
Thanks for your quick reply.
Are you sure that tls-options *is working*?
It seems that no matter what options I give to tls-options everything is
ignored:
https_port 192.168.x.y:443 tls-cert=/path/cert.crt tls-key=/path/cert.key
tls-dh=/path/dhparams.pem tls-options=NORMAL:-VERS-TLS1.0 accel de
On 10/11/18 7:04 AM, Martin Hoffmann wrote:
> I'm using squid 4.4 as remote proxy for an https server.
> Squid 4.4 comes from Debian testing and is compiled with --with-gnutls
> (no openssl support).
>
> How can I disable certain cipher suites or protocols (like TLS 1.0) ?
>
> From my understandi
I'm using squid 4.4 as remote proxy for an https server.
Squid 4.4 comes from Debian testing and is compiled with --with-gnutls (no
openssl support).
How can I disable certain cipher suites or protocols (like TLS 1.0) ?
From my understanding I should add tls-min-version=1.1 to https_port - but
t