Merge pull request #1498 from fabianfrz/squid_hardening

harden ciphers and tls versions

Merge pull request #1498 from fabianfrz/squid_hardening
harden ciphers and tls versions
a6fc0d55 · Ad Schellevis · GitHub · 867a9a95 · 98716bd7 · a6fc0d55
Commit a6fc0d55 authored Mar 25, 2017 by Ad Schellevis Committed by GitHub Mar 25, 2017
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

squid.conf src/opnsense/service/templates/OPNsense/Proxy/squid.conf +3 -0

No files found.
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.conf
@@ -51,6 +51,9 @@
 sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/ssl_crtd -M {{ OPNsense.proxy.forward.ssl_crtd_storage_max_size|default('4') }}MB
 sslcrtd_children {{ OPNsense.proxy.forward.sslcrtd_children|default('5') }}

+sslproxy_cipher HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
+sslproxy_options NO_TLSv1
+
 # setup ssl bump acl's
 acl bump_step1 at_step SslBump1
 acl bump_step2 at_step SslBump2