diff --git a/README.md b/README.md
index 67d8122..0482a3b 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,11 @@ variables: Default `` If set to `yes` then squid configuration templating removes all `cache_dir` lines, setting squid to memory only cache.
+ * `TLS_OPTIONS`
+ Default `NO_SSLv3,NO_TLSv1`
+ Allow overriding the default tls_outgoing_options supplied to OpenSSL. These
+ are safe defaults, but if you're in a really broken environment might not be
+ usable.
 # Proxychains
 By default squid in SSL MITM mode treats `cache_peer` entries quite differently.
diff --git a/docker-squid/squid.conf.p2 b/docker-squid/squid.conf.p2
index 3e11759..7c920df 100644
--- a/docker-squid/squid.conf.p2
+++ b/docker-squid/squid.conf.p2
@@ -19,7 +19,7 @@ maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
 cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}
 tls_outgoing_options capath=/etc/ssl/certs \
- options=NO_SSLv3,NO_TLSv1 \
+ options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}} \
 cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
 http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \
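Review bot: On the new `options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}}` line in squid.conf.p2, the environment value replaces the baseline instead of extending it, so any non-empty `TLS_OPTIONS` that omits `NO_SSLv3` or `NO_TLSv1` silently re-enables those protocols for outgoing connections. The value is also written into the directive unvalidated, so whitespace inside it would presumably be parsed as further `tls_outgoing_options` parameters. I would add a template comment above the directive, `# TLS_OPTIONS replaces (does not extend) the default NO_SSLv3,NO_TLSv1; keep both unless an upstream requires otherwise`, and have whatever renders the template (not visible here) reject values containing whitespace and log when the default is overridden. The `http_port` directive at the end of the hunk continues outside the visible lines.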