git.ipfire.org Git - thirdparty/squid.git/commit

]> git.ipfire.org Git - thirdparty/squid.git/commit

projects / thirdparty / squid.git / commit

author	Henrik Nordstrom <henrik@henriknordstrom.net>
	Fri, 27 Jan 2012 12:52:44 +0000 (05:52 -0700)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 27 Jan 2012 12:52:44 +0000 (05:52 -0700)
commit	2f7c7f02d133a2a92ee64bcc9c80867ceb624661
tree	d54c7a583a5fa1766d7f29f6a40d03a04a36e5e1	tree
parent	36fd2317a2a72cd87b97fcdbfa828eb26472b1af	commit \| diff

Disable OpenSSL SSL/TLS bug workarounds by default

On a closer inspection the set of "harmless" SSL/TLS bug workarounds
set by SSL_OP_ALL is not all of them harmless and reduces the SSL/TLS
strength to some attacks.

To revert to the older mode the ALL option can be set explicitly, but
it's better to understand which bug is encountered and enable only that
specific workaround if needed.

src/cf.data.pre		diff \| blob \| blame \| history
src/ssl/support.cc		diff \| blob \| blame \| history

Mirror of https://github.com/squid-cache/squid.git

RSS Atom