squid: Disable SSL support
author Michael Tremer <michael.tremer@ipfire.org>
Sat, 2 May 2015 10:56:09 +0000 (12:56 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 2 May 2015 10:56:09 +0000 (12:56 +0200)
The SSL support parts of squid are a great security
risk. The majority of all security issues has been
in this area. As we are not using any of that in
production we can as well disable SSL support.

This won't affect squid's possibility to forward
SSL connections with the CONNECT method.

lfs/squid

index 48aaa96..d4fc4c5 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -78,12 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --libexecdir=/usr/lib/squid \
                --localstatedir=/var \
                --disable-ipv6 \
+               --disable-ssl \
                --enable-poll \
                --disable-icmp \
                --disable-wccp \
                --enable-ident-lookups \
                --enable-storeio="aufs,diskd,ufs" \
-               --enable-ssl \
                --enable-underscores \
                --enable-http-violations \
                --enable-removal-policies="heap,lru" \
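
Review bot: The rationale for `--disable-ssl` (added after `--disable-ipv6`) is recorded only in the commit message, so nothing in lfs/squid itself tells a later editor why `--enable-ssl` was dropped or warns against restoring it. A short comment above the configure invocation stating that SSL support is disabled on purpose to reduce attack surface, and that CONNECT forwarding does not depend on it, would keep that decision visible next to the flags. Since the change assumes no SSL features are in use, it is also worth confirming before merge that the shipped squid.conf and the code that generates it contain no `https_port` or `ssl_bump` directives, which a build without SSL support will reject, and checking the configure options printed by `squid -v` on the resulting binary to confirm the flag took effect.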