in src/js/helpers/squid.js [3:54]
export default (form, output) => {
var minver_4 = minver("4", form.serverVersion);
var opts =
' options='+
(minver_4 ? 'NO_SSLV3' : 'NO_SSLv2,NO_SSLv3')+
(!output.protocols.includes('TLSv1') ? ',NO_TLSv1' : '')+
(!output.protocols.includes('TLSv1.1') ? ',NO_TLSv1_1' : '')+
(!output.protocols.includes('TLSv1.2') ? ',NO_TLSv1_2' : '')+
',NO_TICKET';
if (output.ciphers.length) {
opts +=
' \\\n'+
' cipher='+output.ciphers.join(':');
}
if (output.usesDhe) {
opts +=
' \\\n'+
' tls-dh=/path/to/dhparam # '+output.dhCommand+' > /path/to/dhparam';
}
opts +=
'\n';
var tlsprefix = minver_4 ? 'tls-' : '';
var conf =
'# '+output.header+'\n'+
'# '+output.link+'\n'+
'\n'+
'# The following example shows Squid configured as a cache proxy with SSL bump enabled\n'+
'\n'+
'http_port 3128 ssl-bump \\\n'+
' '+tlsprefix+'cert=/path/to/ca_signing_cert \\\n'+
' '+tlsprefix+'key=/path/to/ca_signing_private_key \\\n'+
opts+
'\n'+
'sslcrtd_program /usr/lib/squid/'+(minver_4 ? 'security_file_certgen' : 'ssl_crtd')+' -s /var/cache/squid/ssl_db -M 4MB\n'+
'acl step1 at_step SslBump1\n'+
'ssl_bump peek step1\n'+
'ssl_bump bump all\n'+
'\n'+
'\n'+
'# The following example shows Squid configured as a reverse Proxy / Accelerator\n'+
'\n'+
'https_port 443 accel defaultsite=example.net \\\n'+
' '+tlsprefix+'cert=/path/to/signed_cert_plus_intermediates \\\n'+
' '+tlsprefix+'key=/path/to/private_key \\\n'+
opts;
return conf;
};