=== modified file 'src/cf.data.pre' --- src/cf.data.pre 2012-03-08 04:23:06 +0000 +++ src/cf.data.pre 2012-03-15 10:05:23 +0000 @@ -1402,7 +1402,9 @@ 1 automatic (default) 2 SSLv2 only 3 SSLv3 only - 4 TLSv1 only + 4 TLSv1.0 only + 5 TLSv1.1 only + 6 TLSv1.2 only cipher= Colon separated list of supported ciphers. NOTE: some ciphers such as EDH ciphers depend on @@ -1412,9 +1414,11 @@ options= Various SSL implementation options. The most important being: - NO_SSLv2 Disallow the use of SSLv2 - NO_SSLv3 Disallow the use of SSLv3 - NO_TLSv1 Disallow the use of TLSv1 + NO_SSLv2 Disallow the use of SSLv2 + NO_SSLv3 Disallow the use of SSLv3 + NO_TLSv1 Disallow the use of TLSv1.0 + NO_TLSv1_1 Disallow the use of TLSv1.1 + NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges ALL Enable various bug workarounds @@ -1866,6 +1870,15 @@ TYPE: int DOC_START SSL version level to use when proxying https:// URLs + + The versions of SSL/TLS supported: + + 1 automatic (default) + 2 SSLv2 only + 3 SSLv3 only + 4 TLSv1.0 only + 5 TLSv1.1 only + 6 TLSv1.2 only DOC_END NAME: sslproxy_options @@ -1878,9 +1891,11 @@ The most important being: - NO_SSLv2 Disallow the use of SSLv2 - NO_SSLv3 Disallow the use of SSLv3 - NO_TLSv1 Disallow the use of TLSv1 + NO_SSLv2 Disallow the use of SSLv2 + NO_SSLv3 Disallow the use of SSLv3 + NO_TLSv1 Disallow the use of TLSv1.0 + NO_TLSv1_1 Disallow the use of TLSv1.1 + NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges 
@@ -2331,21 +2346,25 @@ reference a combined file containing both the certificate and the key. - sslversion=1|2|3|4 + sslversion=1|2|3|4|5|6 The SSL version to use when connecting to this peer 1 = automatic (default) 2 = SSL v2 only 3 = SSL v3 only - 4 = TLS v1 only + 4 = TLS v1.0 only + 5 = TLS v1.1 only + 6 = TLS v1.2 only sslcipher=... The list of valid SSL ciphers to use when connecting to this peer. ssloptions=... Specify various SSL implementation options: - NO_SSLv2 Disallow the use of SSLv2 - NO_SSLv3 Disallow the use of SSLv3 - NO_TLSv1 Disallow the use of TLSv1 + NO_SSLv2 Disallow the use of SSLv2 + NO_SSLv3 Disallow the use of SSLv3 + NO_TLSv1 Disallow the use of TLSv1.0 + NO_TLSv1_1 Disallow the use of TLSv1.1 + NO_TLSv1_2 Disallow the use of TLSv1.2 SINGLE_DH_USE Always create a new key when using temporary/ephemeral DH key exchanges === modified file 'src/ssl/support.cc' --- src/ssl/support.cc 2012-02-20 18:07:29 +0000 +++ src/ssl/support.cc 2012-03-15 10:00:28 +0000 @@ -391,6 +391,16 @@ "NO_TLSv1", SSL_OP_NO_TLSv1 }, #endif +#if SSL_OP_NO_TLSv1_1 + { + "NO_TLSv1_1", SSL_OP_NO_TLSv1_1 + }, +#endif +#if SSL_OP_NO_TLSv1_2 + { + "NO_TLSv1_2", SSL_OP_NO_TLSv1_2 + }, +#endif { "", 0 }, @@ -680,6 +690,26 @@ method = TLSv1_server_method(); break; + case 5: +#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet. + debugs(83, 5, "Using TLSv1.1."); + method = TLSv1_1_server_method(); +#else + debugs(83, DBG_IMPORTANT, "TLSv1.1 is not available in this Proxy."); + return NULL; +#endif + break; + + case 6: +#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet. + debugs(83, 5, "Using TLSv1.2"); + method = TLSv1_2_server_method(); +#else + debugs(83, DBG_IMPORTANT, "TLSv1.2 is not available in this Proxy."); + return NULL; +#endif + break; + case 1: default: 
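Review bot: The two new table entries in the `@@ -391` hunk are guarded with `#if SSL_OP_NO_TLSv1_1` and `#if SSL_OP_NO_TLSv1_2`, which makes the preprocessor evaluate the macro's value instead of testing that it exists. That only works while the OpenSSL headers define these as plain integer literals; `#if defined(SSL_OP_NO_TLSv1_1)` (and likewise for `SSL_OP_NO_TLSv1_2`) states the intent and does not depend on how the constant is spelled. The guard appears to follow the pattern of the entry above it, whose `#if` line is outside the hunk. When the macro is absent the name is simply missing from the table, so it is worth confirming that the option parser (not visible here) rejects an unknown `NO_TLSv1_1` loudly, since an administrator using it to disable a protocol needs to know it had no effect.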
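Review bot: The `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` guard on `case 5` and `case 6` in the `@@ -680` hunk carries the comment `// NP: not sure exactly which sub-version yet.`, so the threshold that decides whether the TLSv1.1/1.2 methods are compiled in is unverified; the same guard is repeated in the client-side hunk at `@@ -879`. As far as I know the `TLSv1_1_*_method()` and `TLSv1_2_*_method()` functions first shipped in OpenSSL 1.0.1, which matches this value, so once checked against the headers the comment could become `// TLSv1.1 and TLSv1.2 methods are available from OpenSSL 1.0.1`. Returning NULL with a `DBG_IMPORTANT` message when the version is unavailable is a sound fail-closed choice compared with falling through to `case 1`, but whether anything allocated earlier needs releasing before that return cannot be judged, because the function starts and ends outside the hunk. The two debug strings also differ in trailing punctuation (`"Using TLSv1.1."` versus `"Using TLSv1.2"`).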
@@ -879,6 +909,26 @@ method = TLSv1_client_method(); break; + case 5: +#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet. + debugs(83, 5, "Using TLSv1.1."); + method = TLSv1_1_client_method(); +#else + debugs(83, DBG_IMPORTANT, "TLSv1.1 is not available in this Proxy."); + return NULL; +#endif + break; + + case 6: +#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet. + debugs(83, 5, "Using TLSv1.2"); + method = TLSv1_2_client_method(); +#else + debugs(83, DBG_IMPORTANT, "TLSv1.2 is not available in this Proxy."); + return NULL; +#endif + break; + case 1: default: