Thanks Dean,
I have tried to compile with openssl 10.0.0a, but I get the same result... even with sslproxy_ directives.
Can you check your server on https://www.ssllabs.com/ssldb/index.html just to see....
In my case:
browser <--- HTTPS ----> reverse proxy (squid 3.1.9) <---- HTTP -----> OWA 2010 (IIS 7.5)
Maybe I am missing something. How can I see which version of openssl is used in squid?
Thanks,
Sebastian.
-----Original Message-----
From: Dean Weimer [mailto:dweimer_at_orscheln.com]
Sent: Monday, 15 November 2010 16:42
To: Sébastien WENSKE
Subject: RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported
It was at the bottom ☺ I deleted everything else; see below.
Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co
I have squid compiled from source against Openssl 1.0.0a, with the following options set:
https_port x.x.x.x:443 accel cert=xxx.crt key=xxx.key defaultsite=xxx.xxxx.xxx vhost options=NO_SSLv2 cipher=ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2
sslproxy_options NO_SSLv2
sslproxy_cipher ALL:!aNULL:!eNULL:!LOW:!EXP:!ADH:!RC4+RSA:+HIGH:+MEDIUM:!SSLv2
It passes the entire test from our PCI (Payment Card Industry) site certification scans. The options and ciphers are set both on the https_port line and on individual lines; I'm not sure if both or only one are required.
Received on Mon Nov 15 2010 - 17:32:43 MST
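
Added example (not part of the original thread): one way to run the two checks raised above, which OpenSSL library the squid binary actually loads and whether the listener reports secure renegotiation. The function names and the sample output are constructed for illustration; the real commands are in the comments, with proxy.example.com as a placeholder host.

```shell
#!/bin/sh
# Real commands these helpers are meant to be fed from
# (proxy.example.com is a placeholder host):
#   squid -v      # prints the configure options squid was built with
#   ldd "$(command -v squid)" | linked_openssl
#   openssl s_client -connect proxy.example.com:443 </dev/null 2>&1 | reneg_status

# Read `openssl s_client` output on stdin; print secure, insecure or unknown.
reneg_status() {
    awk '
        /Secure Renegotiation IS NOT supported/ { r = "insecure" }
        /Secure Renegotiation IS supported/     { r = "secure" }
        END { if (r == "") r = "unknown"; print r }
    '
}

# Read `ldd` output on stdin; print each OpenSSL library and the path it resolves to.
linked_openssl() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" { print $1, $3 }'
}

# Constructed sample output (not captured from the servers in this thread).
SAMPLE_SCLIENT='CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
Compression: NONE'

SAMPLE_LDD='    libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f0000000000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f0000200000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000400000)'

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_SCLIENT" | reneg_status
printf '%s\n' "$SAMPLE_LDD" | linked_openssl
```

If the path printed by linked_openssl is not the OpenSSL you built against, the rebuild did not change what squid loads at run time.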