On 2016-02-09 7:38 am, sebastien.boulia...@cpu.ca wrote:
Hi,
I did a SSL test and I have some questions.
The SSL test notified me that POODLE (SSLv3), RC4 are enable or/and
vulnerable.
Is it a way to block that with Squid ?
How can I disable thosed protocols ? Server side or Squid side ?
Thanks for your answer guys.
Sébastien
Adjust your https_port line, adding options=NO_SSLv3 will remove poodle
vulnerability, and adding !RC4 to the ciphers= will fix the RC4 message.
Also, just an FYI, I have this setup on ours, which passed PCI
compliance scan as of last run.
options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE:CIPHER_SERVER_PREFERENCE \
dhparams=/usr/local/etc/squid/dh.param \
cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:+HIGH:+MEDIUM:!RC4
See here <https://www.openssl.org/docs/manmaster/apps/dhparam.html> for
info on creating a dh.param file.
See here <http://www.squid-cache.org/Doc/config/https_port/> for more
info on the https_port line options.
--
Thanks,
Dean E. Weimer
http://www.dweimer.net/
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
