1 automatic (default)
2 SSLv2 only
3 SSLv3 only
- 4 TLSv1 only
+ 4 TLSv1.0 only
+ 5 TLSv1.1 only
+ 6 TLSv1.2 only
cipher= Colon separated list of supported ciphers.
NOTE: some ciphers such as EDH ciphers depend on
options= Various SSL implementation options. The most important
being:
- NO_SSLv2 Disallow the use of SSLv2
- NO_SSLv3 Disallow the use of SSLv3
- NO_TLSv1 Disallow the use of TLSv1
+ NO_SSLv2 Disallow the use of SSLv2
+ NO_SSLv3 Disallow the use of SSLv3
+ NO_TLSv1 Disallow the use of TLSv1.0
+ NO_TLSv1_1 Disallow the use of TLSv1.1
+ NO_TLSv1_2 Disallow the use of TLSv1.2
SINGLE_DH_USE Always create a new key when using
temporary/ephemeral DH key exchanges
ALL Enable various bug workarounds
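Review bot: the new `NO_TLSv1_1` and `NO_TLSv1_2` entries in the `options=` list do not say that they are only recognized when Squid is built against an OpenSSL whose headers define `SSL_OP_NO_TLSv1_1` / `SSL_OP_NO_TLSv1_2` (OpenSSL 1.0.1 or later), which is how the option table in this patch registers them. An administrator reading only this documentation on an older build will see the option rejected without knowing why; a one-line note beside the two entries, e.g. "NO_TLSv1_1 and NO_TLSv1_2 require OpenSSL 1.0.1 or later", would avoid that.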
TYPE: int
DOC_START
SSL version level to use when proxying https:// URLs
+
+ The versions of SSL/TLS supported:
+
+ 1 automatic (default)
+ 2 SSLv2 only
+ 3 SSLv3 only
+ 4 TLSv1.0 only
+ 5 TLSv1.1 only
+ 6 TLSv1.2 only
DOC_END
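Review bot: the expanded list is consistent with the `https_port` documentation, but "1 automatic (default)" still does not say what is negotiated now that TLSv1.1 and TLSv1.2 exist, and that is the first question an operator will have after this change. Suggest stating explicitly what value 1 negotiates (and whether it can reach TLSv1.2 on a capable build) so readers do not assume they must pin `sslproxy_version 6` to get TLSv1.2, which would also lock out every server that only speaks TLSv1.0.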
NAME: sslproxy_options
The most important being:
- NO_SSLv2 Disallow the use of SSLv2
- NO_SSLv3 Disallow the use of SSLv3
- NO_TLSv1 Disallow the use of TLSv1
+ NO_SSLv2 Disallow the use of SSLv2
+ NO_SSLv3 Disallow the use of SSLv3
+ NO_TLSv1 Disallow the use of TLSv1.0
+ NO_TLSv1_1 Disallow the use of TLSv1.1
+ NO_TLSv1_2 Disallow the use of TLSv1.2
SINGLE_DH_USE
Always create a new key when using temporary/ephemeral
DH key exchanges
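Review bot: the `NO_TLSv1_1` / `NO_TLSv1_2` options interact with `sslproxy_version` and the documentation does not say so: `sslproxy_version 6` selects TLSv1.2 only, and `sslproxy_options NO_TLSv1_2` then leaves no protocol the proxy is willing to speak, so every outbound TLS handshake fails. A sentence noting that the NO_* options must not disable the version selected by `sslproxy_version` would save a confusing debugging session; the same applies to the `cache_peer` `sslversion=`/`ssloptions=` pair.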
reference a combined file containing both the
certificate and the key.
- sslversion=1|2|3|4
+ sslversion=1|2|3|4|5|6
The SSL version to use when connecting to this peer
1 = automatic (default)
2 = SSL v2 only
3 = SSL v3 only
- 4 = TLS v1 only
+ 4 = TLS v1.0 only
+ 5 = TLS v1.1 only
+ 6 = TLS v1.2 only
sslcipher=... The list of valid SSL ciphers to use when connecting
to this peer.
ssloptions=... Specify various SSL implementation options:
- NO_SSLv2 Disallow the use of SSLv2
- NO_SSLv3 Disallow the use of SSLv3
- NO_TLSv1 Disallow the use of TLSv1
+ NO_SSLv2 Disallow the use of SSLv2
+ NO_SSLv3 Disallow the use of SSLv3
+ NO_TLSv1 Disallow the use of TLSv1.0
+ NO_TLSv1_1 Disallow the use of TLSv1.1
+ NO_TLSv1_2 Disallow the use of TLSv1.2
SINGLE_DH_USE
Always create a new key when using
temporary/ephemeral DH key exchanges
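Review bot: `sslversion=1|2|3|4|5|6` and the help text are updated consistently with `sslproxy_version`, which matters because both end up in the same client-context switch; one style point is that the existing entries read "SSL v2 only" / "SSL v3 only" while the new ones read "TLS v1.0 only" and the `https_port` text reads "TLSv1.0 only", so the spelling of the version names drifts between the three places this patch touches. The `ssloptions=` list should also carry the same "requires OpenSSL 1.0.1 or later" remark as the `https_port` `options=` list, since the two are parsed by the same table.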
{
"NO_TLSv1", SSL_OP_NO_TLSv1
},
+#endif
+#if SSL_OP_NO_TLSv1_1
+ {
+ "NO_TLSv1_1", SSL_OP_NO_TLSv1_1
+ },
+#endif
+#if SSL_OP_NO_TLSv1_2
+ {
+ "NO_TLSv1_2", SSL_OP_NO_TLSv1_2
+ },
#endif
{
"", 0
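Review bot: `#if SSL_OP_NO_TLSv1_1` relies on an undefined macro evaluating to 0, which compiles cleanly on older OpenSSL and matches the existing guard style of the table, but the method switch later in this patch gates the same feature on `OPENSSL_VERSION_NUMBER >= 0x10001000L` with a comment admitting the sub-version is uncertain. Using one predicate for both places (the feature macros are the more robust choice, since they track what the headers actually provide and distribution builds sometimes backport) prevents a build where `NO_TLSv1_2` parses but `sslversion 6` is refused, or the reverse. The `#endif` at the top of the hunk closes the pre-existing `NO_TLSv1` guard, so the nesting is correct as shown.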
method = TLSv1_server_method();
break;
+ case 5:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet.
+ debugs(83, 5, "Using TLSv1.1.");
+ method = TLSv1_1_server_method();
+#else
+ debugs(83, DBG_IMPORTANT, "TLSv1.1 is not available in this Proxy.");
+ return NULL;
+#endif
+ break;
+
+ case 6:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet.
+ debugs(83, 5, "Using TLSv1.2");
+ method = TLSv1_2_server_method();
+#else
+ debugs(83, DBG_IMPORTANT, "TLSv1.2 is not available in this Proxy.");
+ return NULL;
+#endif
+ break;
+
case 1:
default:
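Review bot: the two new cases are copy-paste duplicates that differ only in the method name and the log string, and the log strings are already inconsistent ("Using TLSv1.1." with a trailing period, "Using TLSv1.2" without). Logging at `DBG_IMPORTANT` and returning NULL on the `#else` path is the right behaviour for an explicitly configured but unavailable version, but it would be worth one `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` block enclosing both `case 5:` and `case 6:` rather than repeating the guard per case, so that a later fix to the version test (see the "not sure exactly which sub-version yet" comment) only has to be made in one place per switch.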
method = TLSv1_client_method();
break;
+ case 5:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet.
+ debugs(83, 5, "Using TLSv1.1.");
+ method = TLSv1_1_client_method();
+#else
+ debugs(83, DBG_IMPORTANT, "TLSv1.1 is not available in this Proxy.");
+ return NULL;
+#endif
+ break;
+
+ case 6:
+#if OPENSSL_VERSION_NUMBER >= 0x10001000L // NP: not sure exactly which sub-version yet.
+ debugs(83, 5, "Using TLSv1.2");
+ method = TLSv1_2_client_method();
+#else
+ debugs(83, DBG_IMPORTANT, "TLSv1.2 is not available in this Proxy.");
+ return NULL;
+#endif
+ break;
+
case 1:
default:
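Review bot: the client-side cases mirror the server ones and inherit the same duplicated guard and the same period/no-period inconsistency in the "Using TLSv1.x" messages; the `// NP: not sure exactly which sub-version yet.` comment can be resolved, since `TLSv1_1_client_method()` and `TLSv1_2_client_method()` were introduced in OpenSSL 1.0.1, so `0x10001000L` is the right boundary (note that this value also admits 1.0.1 pre-releases, which is fine if that is intended). One further check: because values 5 and 6 select a single-version method, a `cache_peer ... sslversion=6` or `sslproxy_version 6` will refuse any origin that only supports TLSv1.0, so the debug message could say "Using TLSv1.2 only" to match the documentation wording and make the effect obvious in cache.log.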