Add TLS_OPTIONS parameter.

2018-01-12 16:14:56 +11:00 · 2018-01-12 16:14:56 +11:00 · bcc25f2f1b
parent 3b98da64fc
commit bcc25f2f1b
2 changed files with 6 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -57,6 +57,11 @@ variables:
   Default ``
   If set to `yes` then squid configuration templating removes all `cache_dir`
   lines, setting squid to memory only cache.
+ * `TLS_OPTIONS`
+   Default `NO_SSLv3,NO_TLSv1`
+   Allow overriding the default tls_outgoing_options supplied to OpenSSL. These
+   are safe defaults, but if you're in a really broken environment might not be
+   usable.

 # Proxychains
 By default squid in SSL MITM mode treats `cache_peer` entries quite differently.
--- a/docker-squid/squid.conf.p2
+++ b/docker-squid/squid.conf.p2
@ -19,7 +19,7 @@ maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
 cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}

 tls_outgoing_options capath=/etc/ssl/certs \
-    options=NO_SSLv3,NO_TLSv1 \
+    options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}} \
    cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

 http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \