Relayd as a HTTPS client
I posted this to the misc mailing list on 6th January 2016, but no one replied.
Hi,
I am using the following configuration to connect to TLS websites:
Chromium <-> relayd as a server <-> privoxy <-> relayd as a client <-> hostile Internet
I want to focus on relayd as a client in this mailing list thread. I want to instruct relayd as a client to only connect to servers using TLS versions 1.1 and 1.2. I don't want TLS version 1.0 and SSL version 3.0.
Here is the, I hope relevant, part of my config /etc/relayd.conf:
Code:
http protocol certKlient {
	tls no cipher-server-preference
	tls no tlsv1.0
	tls tlsv1.1
	tls tlsv1.2
	tls ca key "/etc/ssl/private/ca.key" password "domek"
	# i will change that in a future
	# i don't use that config to my bank account and other relevant websites
	tls ca cert "/etc/ssl/ca.crt"
	tls ciphers "HIGH:!aNULL:!eNULL:!SSLv3:!TLSv1:!DSS:!ECDSA:!RSA:!SHA1:-ECDH:ECDHE:+SHA384:+SHA256"
	pass
}

relay SendReencryptNormal {
	listen on 127.0.0.1 port 7443
	protocol certKlient
	forward with tls to destination
}
Code:
openssl s_server -key key.pem -cert cert.pem -accept 44330 -www -no_ssl3 -no_tls1_1 \
    -no_tls1_2
Code:
openssl s_server -key key.pem -cert cert.pem -accept 44330 -www -tls1
and it will connect using TLS version 1.0.
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol : TLSv1
    Cipher : ECDHE-RSA-AES256-SHA
    Session-ID:
    Session-ID-ctx: 01000000
    Master-Key: EC6722729D895BEBEDAEDF1964920A6EDEC11674F5FC7F213C 1449AE1CA19C393AD995 \ 2FBC7B8023ECD7767D72B47D9B
    Start Time: 1452113060
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
I can also go to https://www.ssllabs.com/ssltest/viewMyClient.html and this website also tells me that I can be connected using TLS version 1.0.
So this is my main problem: I don't want to connect using TLS version 1.0. What should I add to /etc/relayd.conf to prevent that?
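
The manual check in the post (reading the Protocol and Cipher lines of the session summary that openssl prints) can be scripted so it is repeatable after each relayd.conf change. This is an added example, not part of the original post; the function names and the abridged sample text are constructed for illustration.

```python
import re

# Protocol names as openssl prints them on the "Protocol :" line, oldest first.
PROTOCOL_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample: abridged from the session summary quoted in the post.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : ECDHE-RSA-AES256-SHA
    Session-ID-ctx: 01000000
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
"""

def parse_session(text):
    """Return the 'Key : value' fields of an openssl session summary as a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z \-]*?)\s*:\s*(.*)$", line)
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def check_session(text, minimum="TLSv1.1"):
    """List the ways a negotiated session violates the intended client policy."""
    fields = parse_session(text)
    findings = []
    proto = fields.get("Protocol")
    if proto not in PROTOCOL_ORDER:
        findings.append(f"unrecognised or missing protocol: {proto!r}")
    elif PROTOCOL_ORDER.index(proto) < PROTOCOL_ORDER.index(minimum):
        findings.append(f"negotiated {proto}, below required minimum {minimum}")
    cipher = fields.get("Cipher", "")
    # OpenSSL suite names ending in "-SHA" use a SHA-1 MAC, which the
    # "!SHA1" element of the posted cipher string is meant to exclude.
    if cipher.endswith("-SHA"):
        findings.append(f"cipher {cipher} uses a SHA-1 MAC despite !SHA1")
    return findings

if __name__ == "__main__":
    for finding in check_session(SAMPLE):
        print("FAIL:", finding)
```

An empty list means the session met both the protocol minimum and the SHA-1 exclusion; for the sample it reports both violations.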