Squid configuration directive sslproxy_options

Available in: 3.5   3.4   3.3   3.2   2.7   3.1   3.0   2.6  

This directive is not available in Squid v4, v5, v6, or v7.

For versions older than v4, see the linked pages above.

Configuration Details:

Option Name: sslproxy_options
Replaces:
Requires: --with-openssl
Default Value: none
Suggested Config:

	Colon (:) or comma (,) separated list of SSL implementation options
	to use when proxying https:// URLs.
	
	The most important are:

	    NO_SSLv2    Disallow the use of SSLv2
	    NO_SSLv3    Disallow the use of SSLv3
	    NO_TLSv1    Disallow the use of TLSv1.0
	    NO_TLSv1_1  Disallow the use of TLSv1.1
	    NO_TLSv1_2  Disallow the use of TLSv1.2

	    SINGLE_DH_USE
		      Always create a new key when using temporary/ephemeral
		      DH key exchanges

	    NO_TICKET
		      Disable use of RFC5077 session tickets. Some servers
		      may have problems understanding the TLS extension due
		      to ambiguous specification in RFC4507.

	    ALL       Enable various bug workarounds suggested as "harmless"
		      by OpenSSL. Be warned that this may reduce SSL/TLS
		      resistance to some attacks.
	
	See the OpenSSL SSL_CTX_set_options documentation for a
	complete list of possible options.
	
	WARNING: This directive takes a single token. If a space is used
		 the value(s) after that space are SILENTLY IGNORED.
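
The WARNING above is easy to trip over when a comma-separated list is written with spaces after the commas, because the protocol-disabling options that follow the space never take effect. The following Python check is an added example (not part of the Squid documentation or code base) that reports, for each sslproxy_options line, which options are in effect and which are silently ignored; the function name, the sample configuration, and the default "required" policy of NO_SSLv2 and NO_SSLv3 are assumptions made for illustration.

```python
import re

DIRECTIVE = "sslproxy_options"


def audit_sslproxy_options(conf_text, required=("NO_SSLv2", "NO_SSLv3")):
    """Return one finding dict per sslproxy_options line in conf_text.

    `required` is an assumed local policy, not something Squid enforces.
    """
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or full-line comment
        fields = line.split()
        if fields[0] != DIRECTIVE:
            continue
        # Only the first token after the directive name is the value;
        # everything after a space is silently ignored (see the WARNING).
        value = fields[1] if len(fields) > 1 else ""
        effective = [o for o in re.split(r"[:,]", value) if o]
        ignored = [o for tok in fields[2:] for o in re.split(r"[:,]", tok) if o]
        findings.append({
            "line": lineno,
            "effective": effective,
            "ignored": ignored,
            "missing": [o for o in required if o not in effective],
        })
    return findings


# Constructed sample configuration (not from a real deployment).
SAMPLE_CONF = """\
# intended: disable SSLv2 and SSLv3, no session tickets
sslproxy_options NO_SSLv2, NO_SSLv3, NO_TICKET
sslproxy_options NO_SSLv2:NO_SSLv3,NO_TICKET
"""

if __name__ == "__main__":
    for f in audit_sslproxy_options(SAMPLE_CONF):
        status = "OK" if not (f["ignored"] or f["missing"]) else "PROBLEM"
        print(f"line {f['line']}: {status}")
        print(f"  effective: {f['effective']}")
        if f["ignored"]:
            print(f"  silently ignored: {f['ignored']}")
        if f["missing"]:
            print(f"  required but not in effect: {f['missing']}")
```

The first sample line looks like it disables SSLv3 but leaves it enabled; the second line is the same intent written as a single token.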

 
