Document the sslproxy_options and ssl_proxy_ciphers options.

author Amos Jeffries <squid3@treenet.co.nz>

Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)

committer Amos Jeffries <squid3@treenet.co.nz>

Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)
author Amos Jeffries <squid3@treenet.co.nz>
Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)
committer Amos Jeffries <squid3@treenet.co.nz>
Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)
diff --git a/src/cf.data.pre b/src/cf.data.pre

index 57b4d083a1b1a37ec2966f3aa4918daf464ebd5e..c1da9307494a16e02842a43fe769f3bd0af9197a 100644 (file)
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -1521,6 +1521,19 @@ LOC: Config.ssl_client.options
  TYPE: string
  DOC_START
         SSL engine options to use when proxying https:// URLs
+       
+       The most important being:
+
+               NO_SSLv2  Disallow the use of SSLv2
+               NO_SSLv3  Disallow the use of SSLv3
+               NO_TLSv1  Disallow the use of TLSv1
+               SINGLE_DH_USE
+                       Always create a new key when using
+                       temporary/ephemeral DH key exchanges
+       
+       These options vary depending on your SSL engine.
+       See the OpenSSL SSL_CTX_set_options documentation for a
+       complete list of possible options.
  DOC_END
  
  NAME: sslproxy_cipher
@@ -1530,6 +1543,8 @@ LOC: Config.ssl_client.cipher
  TYPE: string
  DOC_START
         SSL cipher list to use when proxying https:// URLs
+
+       Colon separated list of supported ciphers.
  DOC_END
  
  NAME: sslproxy_cafile
author	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Fri, 26 Mar 2010 01:30:37 +0000 (14:30 +1300)