RE: [squid-users] RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

Hi Amos,

Glad to hear you, I have already try and retry this one, but no changes... this is freaky and I'm tired :)

I will continue tomorrow, I think I need to find a guide to compile squid with "non-system" ssl libraries/headers.

Otherwise, is there a way to know with wich openssl squid is compiled??? Because à every time squid will run correctly in ssl mode... :-/

Man thanks,

Sebastian

-----Message d'origine-----
De : Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Envoyé : lundi 15 novembre 2010 23:55
À : Sébastien WENSKE
Cc : Dean Weimer; squid-users_at_squid-cache.org
Objet : RE: [squid-users] RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY - Insecure Renegotiation Supported

On Mon, 15 Nov 2010 21:33:40 +0000, Sébastien WENSKE <sebastien_at_wenske.fr>
wrote:
> Thanks for your support Dean, but I'm definitively a n00b :) I had
> compile many times (without error) with some ssl paths, but no result
> I got the same result on the scan...
>
> I compiled openssl with no particular option (no make install)
>
> ./configure --localstatedir=/var --prefix=/usr
> --includedir=/usr/include --datadir=/usr/share --bindir=/usr/sbin
> --libexecdir=/usr/lib/squid --exec-prefix=/usr --sysconfdir=/etc/squid
> --enable-x-accelerator-vary --with-default-user=proxy --enable-ssl
> --enable-follow-x-forwarded-for --enable-underscores
> --enable-delay-pools --enable-cache-digests --enable-auth="basic"
> --enable-ecap
> --with-openssl=/usr/src/openssl/openssl-1.0.0a/include/openssl

I think this should be
  --with-openssl=/usr/src/openssl/openssl-1.0.0a/

>
> I'm lost ... I need to fix this issue before implementing this in my
> company ...
>
> Cheers,
>
> Sebastian
>