Hello
I'm using squid-3.4.1 on redhat 6.0 with openssl version
openssl-
1.0.1e-16.el6_5.4
Here the configure options:
%configure \
-- exec_prefix=/usr \ --libexecdir=%{_libdir}/squid \ -- localstatedir=/var \ --datadir=%{_datadir}/squid \ --sysconfdir=% {_sysconfdir}/squid \ --with-logdir='$(localstatedir)/log/squid' \ --with-pidfile='$(localstatedir)/run/squid.pid' \ --disable- dependency-tracking \ --enable-eui \ --enable-follow-x-forwarded- for \ --enable-auth \ --enable-auth-basic="DB,fake,getpwnam,LDAP, MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \ -- enable- auth-ntlm="smb_lm,fake" \ --enable-auth-digest="file,LDAP, eDirectory" \ --enable-auth-negotiate="kerberos,wrapper" \ -- enable-external-acl-helpers="wbinfo_group,kerberos_ldap_group,AD_group, session,file_userip,unix_group,time_quota" \ --enable-url-rewrite- helpers="fake" \ --enable-disk-io="AIO,Blocking,DiskDaemon, DiskThreads,IpcIo,Mmapped" \ --enable-kill-parent-hack \ -- enable- cache-digests \ --enable-cachemgr-hostname=localhost \ -- enable- delay-pools \ --enable-epoll \ --enable-icap-client \ --enable- ident-lookups \ %ifnarch ppc64 ia64 x86_64 s390x --with- large- files \ %endif --enable-linux-netfilter \ --enable- removal- policies="heap,lru" \ --enable-snmp \ --enable-ssl \ --enable- ssl-crtd \ --enable-storeio="aufs,diskd,ufs,rock" \ -- enable- wccpv2 \ --enable-esi \ --with-aio \ --with-default- user=" squid" \ --with-filedescriptors=16384 \ --with-dl \ -- with- openssl=/usr/include/openssl \ --with-pthreads \ --disable- arch- native The configuration http_port xxx.xxx.xxx.xxx:80 accel vhost https_port xxx.xxx.xxx.xxx:443 accel vhost cert=/etc/squid/cert/xxx. cert key=/etc/squid/cert/xxx.private.key \ cafile=/etc/squid/cert/cafile.cert defaultsite=xxxx sslflags=NO_SESSION_REUSE \ options=NO_SSLv2,NO_SSLv3 cipher=RC4-SHA: HIGHT:!ADH:!aNULL:!EDH:!MD5 sslcontext=ID I would like to know how it's possible to disable ssl client renegotiating. Reading in different maling list, i red that depends on openssl version, but for example I have an other server with the same openssl rpm with apache that It has renegotiation disable. Please, do you have any idea? Thank you Regards,Received on Mon Mar 17 2014 - 13:54:37 MDT
This archive was generated by hypermail 2.2.0 : Mon Mar 24 2014 - 12:00:05 MDT