choose TLS version

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

choose TLS version

Vieri
Hi,

Are the following two lines equivalent?

https_port ... options=NO_SSLv3,NO_SSLv2,NO_TLSv1_1,NO_TLSv1

https_port ... tls-min-version=1.2

Thanks,

Vieri
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: choose TLS version

Amos Jeffries
Administrator
On 3/02/2017 10:19 a.m., Vieri wrote:
> Hi,
>
> Are the following two lines equivalent?
>
> https_port ... options=NO_SSLv3,NO_SSLv2,NO_TLSv1_1,NO_TLSv1
>
> https_port ... tls-min-version=1.2
>

Not quite. SSL is still handled specially by options=.

The top line is equivalent to:

  options=NO_SSLv3 tls-min-version=1.2

(no NO_SSLv2 because Squid-4 does not support SSLv2 things - including
config settings.)

Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users