docker
/
squid-4
1
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity

Add TLS_OPTIONS parameter.

This commit is contained in:
Will Rouesnel 2018-01-12 16:14:56 +11:00
parent 3b98da64fc
commit bcc25f2f1b
2 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -57,6 +57,11 @@ variables:
Default `` Default ``
If set to `yes` then squid configuration templating removes all `cache_dir` If set to `yes` then squid configuration templating removes all `cache_dir`
lines, setting squid to memory only cache. lines, setting squid to memory only cache.
* `TLS_OPTIONS`
Default `NO_SSLv3,NO_TLSv1`
Allow overriding the default tls_outgoing_options supplied to OpenSSL. These
are safe defaults, but if you're in a really broken environment might not be
usable.
# Proxychains # Proxychains
By default squid in SSL MITM mode treats `cache_peer` entries quite differently. By default squid in SSL MITM mode treats `cache_peer` entries quite differently.

2
docker-squid/squid.conf.p2
View File

@ -19,7 +19,7 @@ maximum_object_size {{MAX_OBJECT_SIZE|default:"1536 MB"}}
cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}} cache_mem {{MEM_CACHE_SIZE|default:"128 MB"}}
tls_outgoing_options capath=/etc/ssl/certs \ tls_outgoing_options capath=/etc/ssl/certs \
options=NO_SSLv3,NO_TLSv1 \ options={{TLS_OPTIONS|default:"NO_SSLv3,NO_TLSv1"}} \
cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS cipher=ALL:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \ http_port {{HTTP_PORT}} {% if MITM_PROXY|default:"" == "yes" %} ssl-bump \