On 2013-08-01 13:00, PSA4444 wrote:
> I run some websites behind a squid reverse proxy with SSL enabled.
>
> I ran the free SSL Labs assessment on it and found the following
> problems:
>
> https://www.ssllabs.com/ssltest/
>
> SSL_RSA_EXPORT_WITH_RC4_40_MD5 (0x3) WEAK 40
> SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x6) WEAK 40
> SSL_RSA_EXPORT_WITH_DES40_CBC_SHA (0x8) WEAK 40
> SSL_RSA_WITH_DES_CBC_SHA (0x9) WEAK 56
>
>
> How can I disable these weak cipher suites?
>
http://www.squid-cache.org/Doc/config/https_port/
Use the cipher= option on your https_port to set an explicit set of
ciphers which are to be supported there.
It takes the usual TLSv1:!SSLv2:RC4!aNULL:!eNULL:!3DES style of syntax.
> I also want to disable TLS compression.
>
I'm not certain about on this one. It may be an option= parameter
available, or something needed in the openssl system-wide config file.
Amos
Received on Thu Aug 01 2013 - 04:14:46 MDT
This archive was generated by hypermail 2.2.0 : Thu Aug 01 2013 - 12:00:32 MDT