From bd1e63d3c23fedb951c96b0ed378ab7489e0b033 Mon Sep 17 00:00:00 2001
From: Giles Bradshaw <giles.bradshaw@sigyl.com>
Date: Thu, 6 Aug 2020 03:22:20 +0100
Subject: [PATCH] fix: added dhparam.pem

---
 docker/README.md            | 3 +++
 docker/dhparam.pem          | 8 ++++++++
 docker/squid.intercept.conf | 2 +-
 3 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 docker/README.md
 create mode 100644 docker/dhparam.pem

diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 0000000..390f317
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,3 @@
+I made dhparam.pem
+
+    openssl dhparam -outform PEM -out dhparam.pem 2048
\ No newline at end of file
diff --git a/docker/dhparam.pem b/docker/dhparam.pem
new file mode 100644
index 0000000..91e78f7
--- /dev/null
+++ b/docker/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAk5sKJOAoHj9bZCoUyN0pnYwjzS2vCZWcNOCGKVO+MuyVhbphVGez
+UidUVK7OIFX5XUNfrHvxKeN2NkHHfOJXAYdVD/0Th6Ead+nh/xtBw9+ycRhmLR1F
+tQY1Kbv23j8h+rJ0q5aiMnCEKevnbPBlV3ARK1oXjAHVuT08flGOcRLb3Qp+qLKQ
+xX5WGQcFzVJf56MA/bl5bUbuo7e8O1eZYjdtzz+nvk8zaYqEhqrrPkJDPveGdVKu
+FYB4vRfBuOHc/1K9+kwzfNsAYhj51Qs64KjukmpjxZPTVojvnKRqiavRmgBdMWiL
+J8VStE1njcXhusk3jGJazeQ5EsJA9u41qwIBAg==
+-----END DH PARAMETERS-----
diff --git a/docker/squid.intercept.conf b/docker/squid.intercept.conf
index 8e2e991..06f5e2e 100644
--- a/docker/squid.intercept.conf
+++ b/docker/squid.intercept.conf
@@ -28,7 +28,7 @@ htcp_access deny all
 
 visible_hostname git.local-domain
 
-http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem
+http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
 
 always_direct allow all
 acl excluded_sites ssl::server_name .wellsfargo.com