Document the sslproxy_options and ssl_proxy_ciphers options.

author Amos Jeffries <squid3@treenet.co.nz>

Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)

committer Amos Jeffries <squid3@treenet.co.nz>

Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)
author Amos Jeffries <squid3@treenet.co.nz>
Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)
committer Amos Jeffries <squid3@treenet.co.nz>
Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)
diff --git a/src/cf.data.pre b/src/cf.data.pre

index dfa4510eb1df5f787ac0ccb5fb01307344101ce3..f2076e1b26b6c981ad0a23c4c87266d6a6e3764e 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1581,6 +1581,19 @@ LOC: Config.ssl_client.options
  TYPE: string
  DOC_START
         SSL engine options to use when proxying https:// URLs
+       
+       The most important being:
+
+               NO_SSLv2  Disallow the use of SSLv2
+               NO_SSLv3  Disallow the use of SSLv3
+               NO_TLSv1  Disallow the use of TLSv1
+               SINGLE_DH_USE
+                       Always create a new key when using
+                       temporary/ephemeral DH key exchanges
+       
+       These options vary depending on your SSL engine.
+       See the OpenSSL SSL_CTX_set_options documentation for a
+       complete list of possible options.
  DOC_END
  
  NAME: sslproxy_cipher
@@ -1590,6 +1603,8 @@ LOC: Config.ssl_client.cipher
  TYPE: string
  DOC_START
         SSL cipher list to use when proxying https:// URLs
+
+       Colon separated list of supported ciphers.
  DOC_END
  
  NAME: sslproxy_cafile
author	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 19 Mar 2010 11:47:47 +0000 (00:47 +1300)