Hello
I'm using squid-3.4.1 on Red Hat 6.0 with openssl version openssl-1.0.1e-16.el6_5.4
Here are the configure options:
%configure \
--exec_prefix=/usr \
--libexecdir=%{_libdir}/squid \
--localstatedir=/var \
--datadir=%{_datadir}/squid \
--sysconfdir=%{_sysconfdir}/squid \
--with-logdir='$(localstatedir)/log/squid' \
--with-pidfile='$(localstatedir)/run/squid.pid' \
--disable-dependency-tracking \
--enable-eui \
--enable-follow-x-forwarded-for \
--enable-auth \
--enable-auth-basic="DB,fake,getpwnam,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB" \
--enable-auth-ntlm="smb_lm,fake" \
--enable-auth-digest="file,LDAP,eDirectory" \
--enable-auth-negotiate="kerberos,wrapper" \
--enable-external-acl-helpers="wbinfo_group,kerberos_ldap_group,AD_group,session,file_userip,unix_group,time_quota" \
--enable-url-rewrite-helpers="fake" \
--enable-disk-io="AIO,Blocking,DiskDaemon,DiskThreads,IpcIo,Mmapped" \
--enable-kill-parent-hack \
--enable-cache-digests \
--enable-cachemgr-hostname=localhost \
--enable-delay-pools \
--enable-epoll \
--enable-icap-client \
--enable-ident-lookups \
%ifnarch ppc64 ia64 x86_64 s390x
--with-large-files \
%endif
--enable-linux-netfilter \
--enable-removal-policies="heap,lru" \
--enable-snmp \
--enable-ssl \
--enable-ssl-crtd \
--enable-storeio="aufs,diskd,ufs,rock" \
--enable-wccpv2 \
--enable-esi \
--with-aio \
--with-default-user="squid" \
--with-filedescriptors=16384 \
--with-dl \
--with-openssl=/usr/include/openssl \
--with-pthreads \
--disable-arch-native
The configuration:
http_port xxx.xxx.xxx.xxx:80 accel vhost
https_port xxx.xxx.xxx.xxx:443 accel vhost cert=/etc/squid/cert/xxx.cert key=/etc/squid/cert/xxx.private.key \
cafile=/etc/squid/cert/cafile.cert defaultsite=xxxx sslflags=NO_SESSION_REUSE \
options=NO_SSLv2,NO_SSLv3 cipher=RC4-SHA:HIGHT:!ADH:!aNULL:!EDH:!MD5 sslcontext=ID
I would like to know how it's possible to disable SSL client renegotiation. Reading different mailing lists, I read that it depends on the openssl version, but for example I have another server with the same openssl rpm with apache that has renegotiation disabled.
Please, do you have any idea?
Thank you
Regards,