From 88b1e637ac581b836bcdfa4a44deeef2d8ff9711 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Sat, 2 May 2015 12:56:09 +0200 Subject: [PATCH] squid: Disable SSL support The SSL support parts of squid are a great security risk. The majority of all security issues has been in this area. As we are not using any of that in production we can as well disable SSL support. This won't affect squid's possibility to forward SSL connections with the CONNECT method. --- lfs/squid | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/squid b/lfs/squid index 48aaa965ae..d4fc4c5a13 100644 --- a/lfs/squid +++ b/lfs/squid @@ -78,12 +78,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --libexecdir=/usr/lib/squid \ --localstatedir=/var \ --disable-ipv6 \ + --disable-ssl \ --enable-poll \ --disable-icmp \ --disable-wccp \ --enable-ident-lookups \ --enable-storeio="aufs,diskd,ufs" \ - --enable-ssl \ --enable-underscores \ --enable-http-violations \ --enable-removal-policies="heap,lru" \ -- 2.39.2