Hello, I've enabled sslbump and configured the following outgoing tls options:
tls_outgoing_options min-version=1.2 options=NO_TLSv1:NO_TLSv1_1 cipher=TLSv1.2:+aRSA:+SHA384:+SHA256:+DH:-kRSA:!PSK:!eNULL:!aNULL:!DSS:!AESCCM:!CAMELLIA:!ARIA so for me it looks like squid must not use TLS1.1 or TLS1.0. But for some web sites like https://www.europarl.europa.eu/doceo/document/LIBE-OJ-2022-12-12-1_EN.html the first request is made with an tls1.0 client hello packet. When I reload the page the proxyserver sends a tls1.2 client hello and the website is shown as expected. So what option can be used to force a minimum tls1.2 client hello package every time? Here is a link to the pcap file with both variants: https://bloms.de/download/www.europarl.europa.eu.pcap -- Regards Dieter -- I do not get viruses because I do not use MS software. If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the >From field. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
