[squid-users] disable ssl client renegotiating from amaury_at

From: <amaury_at_tin.it>
Date: Mon, 17 Mar 2014 14:54:28 +0100 (CET)

Hello
I'm using squid-3.4.1 on redhat 6.0 with openssl version
openssl-
1.0.1e-16.el6_5.4
Here the configure options:
%configure \

--
exec_prefix=/usr \
   --libexecdir=%{_libdir}/squid \
   --
localstatedir=/var \
   --datadir=%{_datadir}/squid \
   --sysconfdir=%
{_sysconfdir}/squid \
   --with-logdir='$(localstatedir)/log/squid' \
   --with-pidfile='$(localstatedir)/run/squid.pid' \
   --disable-
dependency-tracking \
   --enable-eui \
   --enable-follow-x-forwarded-
for \
   --enable-auth \
   --enable-auth-basic="DB,fake,getpwnam,LDAP,
MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \
   --
enable-
auth-ntlm="smb_lm,fake" \
   --enable-auth-digest="file,LDAP,
eDirectory" \
   --enable-auth-negotiate="kerberos,wrapper" \
   --
enable-external-acl-helpers="wbinfo_group,kerberos_ldap_group,AD_group,
session,file_userip,unix_group,time_quota" \
   --enable-url-rewrite-
helpers="fake" \
   --enable-disk-io="AIO,Blocking,DiskDaemon,
DiskThreads,IpcIo,Mmapped" \
   --enable-kill-parent-hack \
   --
enable-
cache-digests \
   --enable-cachemgr-hostname=localhost \
   --
enable-
delay-pools \
   --enable-epoll \
   --enable-icap-client \
   
--enable-
ident-lookups \
   %ifnarch ppc64 ia64 x86_64 s390x
   --with-
large-
files \
   %endif
   --enable-linux-netfilter \
   --enable-
removal-
policies="heap,lru" \
   --enable-snmp \
   --enable-ssl \
   
--enable-
ssl-crtd  \
   --enable-storeio="aufs,diskd,ufs,rock" \
   --
enable-
wccpv2 \
   --enable-esi \
   --with-aio \
   --with-default-
user="
squid" \
   --with-filedescriptors=16384 \
   --with-dl \
   --
with-
openssl=/usr/include/openssl \
   --with-pthreads \
   --disable-
arch-
native
The configuration
http_port xxx.xxx.xxx.xxx:80 accel 
vhost
https_port xxx.xxx.xxx.xxx:443 accel vhost 
cert=/etc/squid/cert/xxx.
cert key=/etc/squid/cert/xxx.private.key \
cafile=/etc/squid/cert/cafile.cert defaultsite=xxxx 
sslflags=NO_SESSION_REUSE \
options=NO_SSLv2,NO_SSLv3 cipher=RC4-SHA:
HIGHT:!ADH:!aNULL:!EDH:!MD5 sslcontext=ID
I would like to know how 
it's possible to disable ssl client renegotiating. Reading in 
different 
maling list, i red that depends on openssl version, but
for 
example I 
have an other server with the same openssl rpm with apache 
that It has 
renegotiation disable.
Please, do you have any idea?
Thank 
you
Regards,

Received on Mon Mar 17 2014 - 13:54:37 MDT

This archive was generated by hypermail 2.2.0 : Mon Mar 24 2014 - 12:00:05 MDT