From bcc25f2f1bbfae06135c6ff18f9d94b4313f7067 Mon Sep 17 00:00:00 2001
From: Will Rouesnel
Date: Fri, 12 Jan 2018 16:14:56 +1100
Subject: [PATCH] Add TLS_OPTIONS parameter.
---
 README.md | 5 +++++
 docker-squid/squid.conf.p2 | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 67d8122..0482a3b 100644
--- a/README.md
+++ b/README.md
@@ -57,6 +57,11 @@ variables:
 Default ``
 If set to `yes` then squid configuration templating removes all `cache_dir` lines, setting squid to memory only cache.
+ * `TLS_OPTIONS`
+ Default `NO_SSLv3,NO_TLSv1`
+ Allow overriding the default tls_outgoing_options supplied to OpenSSL. These
+ are safe defaults, but if you're in a really broken environment might not be
+ usable.
 
 # Proxychains
 By default squid in SSL MITM mode treats `cache_peer` entries quite differently.
diff --git a/docker-squid/squid.conf.p2 b/docker-squid/squid.conf.p2
index 3e11759..7c920df 100644
--- a/docker-squid/squid.conf.p2
+++ b/docker-squid/squid.conf.p2
@@ -19,7 +19,7 @@ maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
 cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}
 
 tls_outgoing_options capath=/etc/ssl/certs \
- options=NO_SSLv3,NO_TLSv1 \
+ options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}} \
  cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
 
 http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \
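Review bot: The new `options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}}` line in the squid.conf.p2 hunk hands whatever the operator puts in `TLS_OPTIONS` straight to OpenSSL, and nothing in the template records that this single value governs protocol negotiation for every outgoing connection squid makes in MITM mode. A one-line comment above the `tls_outgoing_options` directive would make the blast radius clear to the next person editing the template: `# TLS_OPTIONS is passed verbatim as the OpenSSL option list for all outgoing TLS; the default disables SSLv3/TLSv1 and should only be relaxed for a specific broken upstream`. Whether the `default:` filter treats an explicitly empty `TLS_OPTIONS=` as unset, or emits a bare `options=` argument, depends on the template engine and is not visible here; it is worth confirming so an empty variable cannot silently bypass the default, and presumably squid rejects a malformed option list at startup, which would at least fail closed. The `cipher=` list on the following context line is unaffected by this variable, so the README wording could note that `TLS_OPTIONS` changes only the OpenSSL protocol/option flags, not cipher selection.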