squid: Disable SSL support

The SSL support parts of squid are a great security
risk. The majority of all security issues has been
in this area. As we are not using any of that in
production we can as well disable SSL support.

This won't affect squid's possibility to forward
SSL connections with the CONNECT method.

diff --git a/lfs/squid b/lfs/squid
index 48aaa965ae4b45241a240c88bfbbb18ed8e9b932..d4fc4c5a13682a0d04cb49230694f312d171512a 100644 (file)
--- a/lfs/squid
+++ b/lfs/squid
@@ -78,12 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
                --libexecdir=/usr/lib/squid \
                --localstatedir=/var \
                --disable-ipv6 \
+               --disable-ssl \
                --enable-poll \
                --disable-icmp \
                --disable-wccp \
                --enable-ident-lookups \
                --enable-storeio="aufs,diskd,ufs" \
-               --enable-ssl \
                --enable-underscores \
                --enable-http-violations \
                --enable-removal-policies="heap,lru" \