Squid configuration directive sslproxy_options
Available in: 3.3 3.2 3.1 2.7 3.HEAD 2.HEAD 3.0 2.6
Configuration Details:
| Option Name: | sslproxy_options |
|---|---|
| Replaces: | |
| Requires: | --enable-ssl |
| Default Value: | none |
| Suggested Config: |
|
SSL implementation options to use when proxying https:// URLs The most important being: NO_SSLv2 Disallow the use of SSLv2 NO_SSLv3 Disallow the use of SSLv3 NO_TLSv1 Disallow the use of TLSv1.0 NO_TLSv1_1 Disallow the use of TLSv1.1 NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges SSL_OP_NO_TICKET Disable use of RFC5077 session tickets. Some servers may have problems understanding the TLS extension due to ambiguous specification in RFC4507. ALL Enable various bug workarounds suggested as "harmless" by OpenSSL. Be warned that this may reduce SSL/TLS strength to some attacks. See the OpenSSL SSL_CTX_set_options documentation for a complete list of possible options. |
|
Search
Introduction
- About Squid
- Why Squid?
- Squid Developers
- How to Help Out or Donate
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
Documentation
- Configuration:
- FAQ and Wiki
- Guide Books:
- Non-English
- More...
Support
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
Miscellaneous
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork