> -----Original Message-----
> From: Sébastien WENSKE [mailto:[email protected]]
> Sent: Monday, November 15, 2010 11:29 AM
> To: [email protected]
> Subject: [squid-users] RE: RE : [squid-users] [Squid 3.1.9] SSL Reverse PROXY
> - Insecure Renegotiation Supported
> 
> Thanks Dean,
> 
> I have tried to compile with openssl 10.0.0a, but I get the same result...
> even with sslproxy_ directives.
> 
> Can you check your server on https://www.ssllabs.com/ssldb/index.html just to
> see....
> 
> In my case:
> 
> browser <--- HTTPS ----> reverse proxy (squid 3.1.9) <---- HTTP -----> OWA
> 2010 (IIS 7.5)
> 
> Maybe I am missing something; how can I see which version of openssl is used
> in squid?
>

Here is the information I got back, minus the certificate section; the overall
score was a 91.  When you compile with openssl, make sure to use
--with-openssl=[DIR] to specify your path, to make sure you hit the version
you installed and not the local system libraries, as they may differ.  Though
it would be best to update the local system libraries as well if possible.

Protocols
TLS 1.2         No
TLS 1.1         No
TLS 1.0         Yes
SSL 3.0         Yes
SSL 2.0+ Upgrade Support        Yes
SSL 2.0         No


Cipher Suites (sorted; server has no preference)
TLS_RSA_WITH_IDEA_CBC_SHA (0x7)         128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)     128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)        128
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)        128
TLS_RSA_WITH_SEED_CBC_SHA (0x96)        128
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)     168
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)     256


Miscellaneous
Test date       Mon Nov 15 18:49:14 UTC 2010
Test duration   102.430 seconds
Server signature        Microsoft-IIS/6.0
Session resumption      Yes
Renegotiation   Secure Renegotiation Supported
Strict Transport Security       No
TLS Version Tolerance   0x0304: 0x301; 0x0399: 0x301; 0x0499: fail
PCI compliant   Yes
FIPS-ready      No

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co
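
One way to check which OpenSSL libraries a squid binary actually resolves at run time, relevant to the question above and to the --with-openssl=[DIR] advice. This is an added example, not part of the original messages; the function names, the binary path and the /usr/local/ssl prefix are assumptions, and the ldd output is constructed.

```shell
#!/bin/sh
# Added example: verify which OpenSSL libraries a squid binary resolves at run time.
# Real use (binary path and prefix are assumptions, adjust to your install):
#   ldd /usr/local/squid/sbin/squid | check_ssl_libs /usr/local/ssl

# Reads ldd output on stdin; $1 is the directory passed to --with-openssl=[DIR].
# Returns 0 only if libssl and libcrypto both resolve under that directory.
check_ssl_libs() {
    prefix=${1%/}
    status=0
    found=0
    while read -r name arrow path rest; do
        case $name in
            libssl.so*|libcrypto.so*) found=1 ;;
            *) continue ;;
        esac
        if [ "$arrow" != "=>" ] || [ "$path" = "not" ]; then
            echo "UNRESOLVED $name"
            status=1
            continue
        fi
        case $path in
            "$prefix"/*) echo "OK $name -> $path" ;;
            *) echo "MISMATCH $name -> $path (expected under $prefix)"
               status=1 ;;
        esac
    done
    if [ "$found" -eq 0 ]; then
        # Nothing listed: static link, or squid built without SSL support.
        echo "NONE no libssl/libcrypto in ldd output"
        status=1
    fi
    return "$status"
}

# Constructed ldd output: libssl comes from the new prefix, libcrypto from the system.
sample_ldd() {
    cat <<'EOF'
    linux-vdso.so.1 =>  (0x00007fff5a3ff000)
    libssl.so.1.0.0 => /usr/local/ssl/lib/libssl.so.1.0.0 (0x00007f2c1a000000)
    libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f2c19c00000)
    libc.so.6 => /lib/libc.so.6 (0x00007f2c19800000)
EOF
}

sample_ldd | check_ssl_libs /usr/local/ssl || true
```

`squid -v` also prints the configure options the binary was built with, which shows whether --with-openssl was passed at all.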
