From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 19 Mar 2010 11:47:47 +0000 (+1300)
Subject: Document the sslproxy_options and ssl_proxy_ciphers options.
X-Git-Tag: SQUID_3_2_0_1~352
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab202e4cb365fca833afc8835c873ed926126810;p=thirdparty%2Fsquid.git

Document the sslproxy_options and ssl_proxy_ciphers options.
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index dfa4510eb1..f2076e1b26 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1581,6 +1581,19 @@ LOC: Config.ssl_client.options
 TYPE: string
 DOC_START
 	SSL engine options to use when proxying https:// URLs
+	
+	The most important being:
+
+		NO_SSLv2  Disallow the use of SSLv2
+		NO_SSLv3  Disallow the use of SSLv3
+		NO_TLSv1  Disallow the use of TLSv1
+		SINGLE_DH_USE
+			Always create a new key when using
+			temporary/ephemeral DH key exchanges
+	
+	These options vary depending on your SSL engine.
+	See the OpenSSL SSL_CTX_set_options documentation for a
+	complete list of possible options.
 DOC_END
 
 NAME: sslproxy_cipher
@@ -1590,6 +1603,8 @@ LOC: Config.ssl_client.cipher
 TYPE: string
 DOC_START
 	SSL cipher list to use when proxying https:// URLs
+
+	Colon separated list of supported ciphers.
 DOC_END
 
 NAME: sslproxy_cafile