Set HTTPS proxy default to TLS/1.0+ with no SSLv3 support

author Amos Jeffries <squid3@treenet.co.nz>

Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)

committer Amos Jeffries <squid3@treenet.co.nz>

Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)
author Amos Jeffries <squid3@treenet.co.nz>
Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)
committer Amos Jeffries <squid3@treenet.co.nz>
Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)
diff --git a/src/cf.data.pre b/src/cf.data.pre

index 1b61f5cf54458120cec4aef47c791586e61e7ba7..fc4a21cf6dde23c0f49e9d175e4ee283789431b3 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -2591,7 +2591,7 @@ COMMENT_END
  NAME: tls_outgoing_options
  IFDEF: USE_GNUTLS||USE_OPENSSL
  TYPE: securePeerOptions
-DEFAULT: disable
+DEFAULT: min-version=1.0 options=NO_SSLv3
  LOC: Security::ProxyOutgoingConfig
  DOC_START
         disable         Do not support https:// URLs.
author	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Mon, 29 Jun 2015 12:42:34 +0000 (05:42 -0700)