Hi.
About this thread:
http://www.squid-cache.org/mail-archive/squid-users/201210/0166.html
Just to let you know that the OpenSSL flag which controls tls
compression is "SSL_OP_NO_COMPRESSION".
This flag seems to exist only since OpenSSL 0.9.9.
Here is a quick and dirty patch to disable the compression in Squid3.1:
$ diff -u ../squeeze/squid3-3.1.6/src/ssl_support.cc
src/ssl_support.cc ---
../squeeze/squid3-3.1.6/src/ssl_support.cc 2010-08-01
14:01:37.000000000 +0000
+++ src/ssl_support.cc 2012-12-03 11:35:15.000000000 +0000
@@ -376,6 +376,11 @@
"NO_TLSv1", SSL_OP_NO_TLSv1
},
#endif
+#ifdef SSL_OP_NO_COMPRESSION
+ {
+ "NO_Compression", SSL_OP_NO_COMPRESSION
+ },
+#endif
{
"", 0
},
Next you will have to add "NO_Compression" to your Squid's
configuration file (with ssloption= or options= in the https_port
context).
Obviously you have to build Squid with an OpenSSL version which
support this parameter (working fine for me with OpenSSL 1.0.1c).
Regards.
Received on Mon Dec 03 2012 - 14:07:16 MST
This archive was generated by hypermail 2.2.0 : Mon Dec 03 2012 - 12:00:04 MST