Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

squid - Remove NT Domain auth (Bug #7017), allow some configuration for DH and cipher suites (Feature #6593), fix EDH and EECDH cipher suites (Bug #6592), some cosmetics #241

Merged
merged 12 commits into from
Dec 27, 2016
Merged

squid - Remove NT Domain auth (Bug #7017), allow some configuration for DH and cipher suites (Feature #6593), fix EDH and EECDH cipher suites (Bug #6592), some cosmetics #241

merged 12 commits into from
Dec 27, 2016

Conversation

doktornotor
Copy link
Contributor

@doktornotor doktornotor commented Dec 22, 2016
edited
Loading

  1. Remove NT Domain authentication. Dead deprecated junk. This has been broken ever since 2.3 release (https://redmine.pfsense.org/issues/7017) without anyone noticing. Just use LDAP for AD authentication.

  2. Added Modern and Intermediate options for cipher suites

  1. Fixed EDH and EECDH cipher suites usage (Bug #6592)

  2. Cosmetics

  • Fix "Update AV" button handling
  • Remove confusing note about CP patch
  • Handle IPv6 IPs in "User Defined Reverse Proxy IPs" properly - requested and tested by a user @ https://forum.pfsense.org/index.php?topic=123077.0
  • Nuked some comments cruft remaining from bootstrap conversion while here.

doktornotor added 3 commits December 22, 2016 22:08
Fix update button handling
893ddb0
Remove a confusing note
f10d95a 
This feature has been gone for quite a while, plus the GitHub repo link to master branch is no good in general.
Bump port version
110bb05
Remove NT Domain authentication
0452d01 
Dead deprecated junk. This has been broken ever since 2.3 release without anyone noticing. Just use LDAP for AD authentication.
@doktornotor doktornotor changed the title Some squid cosmetics squid - Remove NT Domain auth (Bug #7017), some cosmetics Dec 22, 2016
doktornotor added 7 commits December 23, 2016 00:46
Remove NT Domain authentication
0b6ea76 
Dead deprecated junk. This has been broken ever since 2.3 release without anyone noticing. Just use LDAP for AD authentication.
Remove NT Domain authentication
842f326 
Dead deprecated junk. This has been broken ever since 2.3 release without anyone noticing. Just use LDAP for AD authentication.
Make some noise about NT Domain auth if enabled
98c8eef
Handle IPv6 configured in "User Defined Reverse Proxy IPs" properly
5a136a1
Add a hint about IPv6
dc7ad76
Allow some configuration for DH and cipher suites (Feature #6593)
ddc2649 
1. Added Modern and Intermediate options for cipher suites 

- settings per http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Modern_DH.2FEDH_ciphers_usage docs
- modern disables TLS v1.0 as well (matching the behavior of reverse proxy)
- intermediate enables the HIGH cipher suites for compatibility
- add DH key size selection (defaults to 2048 for security)

2. Nuked some comments cruft remaining from bootstrap conversion while here.
Allow some configuration for DH and cipher suites (Feature #6593), fi…
ee1e1e9 
…x EDH and EECDH cipher suites (Bug #6592)

1. Added Modern and Intermediate options for cipher suites 

- settings per http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit#Modern_DH.2FEDH_ciphers_usage docs
- modern disables TLS v1.0 as well (matching the behavior of reverse proxy)
- intermediate enables the HIGH cipher suites for compatibility
- add DH key size selection (defaults to 2048 for security)

2. Fixed EDH and EECDH cipher suites usage (Bug #6592)
@doktornotor doktornotor changed the title squid - Remove NT Domain auth (Bug #7017), some cosmetics squid - Remove NT Domain auth (Bug #7017), allow some configuration for DH and cipher suites (Feature #6593), fix EDH and EECDH cipher suites (Bug #6592), some cosmetics Dec 26, 2016
@rbgarga rbgarga requested a review from jim-p December 26, 2016 14:31
Fix EDH and EECDH cipher suites for reverse proxy as well (Bug #6592)
2cb8bcf 
Also redo the logic here to match the one used in squid.inc
@doktornotor
Copy link
Contributor Author

doktornotor commented Dec 26, 2016
edited
Loading

Should be complete now, other fixes need to wait for next round.

@netgate-git-updates netgate-git-updates merged commit 2cb8bcf into pfsense:devel Dec 27, 2016
netgate-git-updates pushed a commit that referenced this pull request Dec 27, 2016
@rbgarga
Merge pull request #241 from doktornotor/patch-1
0175b82
@doktornotor doktornotor deleted the patch-1 branch December 27, 2016 12:48
netgate-git-updates pushed a commit that referenced this pull request Jul 1, 2023
@osokin
www/jwt-cli: update 5.0.3 -> 6.0.0
12eee39 
<ChangeLog>

- [BREAKING] Update from clap 3 to clap 4.
  This forces the use of --exp/-e to require an = sign, which was not
  required before.  This means that when you used to be able to write
  --exp +365d, you must now write --exp=+365d.  This is only required
  for this flag.

- Added --out argument to save output to a file #221
- Added support for EdDSA #238
- Added --date argument to change the display format of the
  timestamps #235
- Added --no-typ argument to prevent typ from being added to
  the header
- Add Scoop installation info #241
- Add Macports installation info #231

Changes
- Dependency updates
- Remove Gofish installation info. See #228
- Update from jsonwebtoken 7 to 8

Fixes
- Added better error handling for improper secret and algorithm
  combinations

</ChangeLog>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rbgarga rbgarga rbgarga approved these changes

@jim-p jim-p Awaiting requested review from jim-p

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@doktornotor @rbgarga @netgate-git-updates