Hello guys,
I have set up Squid as an SSL reverse proxy, and it works very well.
I have checked SSL security against Qualys and they report that the
server is vulnerable to MITM attacks because it supports insecure
renegotiation.
Here is my SSL-related configuration:
https_port xx.xx.xx.xx:443 cert=/etc/squid/ssl/RapidSSL_xxx.xxxxxxx.xx.crt key=/etc/squid/ssl/RapidSSL_xxx.xxxxxxx.xx.key options=NO_SSLv2 cipher=RSA:HIGH:!eNULL:!aNULL:!LOW:!RC4 RSA:!RC2 RSA:!EXP:!ADH accel ignore-cc defaultsite=xxx.xxxxxxxx.xx vhost
[...]
cache_peer 10.x.x.x parent 80 0 front-end-https=on name=sw01 no-query originserver default login=PASS no-digest
[...]
ssl_unclean_shutdown on
[...]
Is it OpenSSL related or Squid configuration?
Many thanks,
Sebastian
This archive was generated by hypermail 2.2.0 : Mon Nov 15 2010 - 12:00:02 MST