]> git.ipfire.org Git - thirdparty/squid.git/commit
projects / thirdparty / squid.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b52d061) | patch
Disable OpenSSL SSL/TLS bug workarounds by default
authorHenrik Nordstrom <henrik@henriknordstrom.net>
Sat, 21 Jan 2012 23:04:54 +0000 (00:04 +0100)
committerHenrik Nordstrom <henrik@henriknordstrom.net>
Sat, 21 Jan 2012 23:04:54 +0000 (00:04 +0100)
commit943c5f168a8650d233e4562c90048429cce84bb3
treee6455377cf78f25d3cfb68c02665af857c31eb0atree
parentb52d0612a36147aeddc057667eda6a1d81b23baecommit | diff
Disable OpenSSL SSL/TLS bug workarounds by default

On a closer inspection the set of "harmless" SSL/TLS bug workarounds
set by SSL_OP_ALL is not all of them harmless and reduces the SSL/TLS
strength to some attacks.

To revert to the older mode the ALL option can be set explicitly, but
it's better to understand which bug is encountered and enable only that
specific workaround if needed.
src/cf.data.pre diff | blob | blame | history
src/ssl/support.cc diff | blob | blame | history
Mirror of https://github.com/squid-cache/squid.git