X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=config;h=b65e6f37fc8169403bf2d13533e339c699472c31;hb=fec77614c5c9f603a901fd38ff1f7c8fc67a259a;hp=fde2e0546a6851066094ba85c2aae9f4413baad8;hpb=5e80fba6cb9dd09a9ab313078c3350e31ce63a99;p=privoxy.git diff --git a/config b/config index fde2e054..b65e6f37 100644 --- a/config +++ b/config @@ -1,4 +1,4 @@ -# Sample Configuration File for Privoxy 3.0.31 +# Sample Configuration File for Privoxy 3.0.33 # # Copyright (C) 2001-2021 Privoxy Developers https://www.privoxy.org/ # @@ -592,7 +592,7 @@ logfile logfile # each request as it happens. 1, 1024, 4096 and 8192 are # recommended so that you will notice when things go wrong. The # other levels are probably only of interest if you are hunting -# down a specific problem. They can produce a hell of an output +# down a specific problem. They can produce a lot of output # (especially 16). # # If you are used to the more verbose settings, simply enable @@ -764,8 +764,8 @@ logfile logfile # consider using access control lists (ACL's, see below), and/or # a firewall. # -# If you open Privoxy to untrusted users, you will also want to -# make sure that the following actions are disabled: +# If you open Privoxy to untrusted users, you should also make +# sure that the following actions are disabled: # enable-edit-actions and enable-remote-toggle # # Example: @@ -1457,8 +1457,8 @@ enable-proxy-authentication-forwarding 0 # might want to make some exceptions: # # forward 192.168.*.*/ . -# forward 10.*.*.*/ . -# forward 127.*.*.*/ . +# forward 10.*.*.*/ . +# forward 127.*.*.*/ . # # Unencrypted connections to systems in these address ranges # will be as (un)secure as the local network is, but the @@ -1471,7 +1471,7 @@ enable-proxy-authentication-forwarding 0 # network by using their names, you will need additional # exceptions that look like this: # -# forward localhost/ . +# forward localhost/ . # # # 5.3. forwarded-connect-retries @@ -1831,11 +1831,11 @@ tolerate-pipelining 1 # speedups. There are also a few privacy implications you should # be aware of. # -# If this option is effective, outgoing connections are shared +# If this option is enabled, outgoing connections are shared # between clients (if there are more than one) and closing the -# browser that initiated the outgoing connection does no longer -# affect the connection between Privoxy and the server unless -# the client's request hasn't been completed yet. +# browser that initiated the outgoing connection does not affect +# the connection between Privoxy and the server unless the +# client's request hasn't been completed yet. # # If the outgoing connection is idle, it will not be closed # until either Privoxy's or the server's timeout is reached. @@ -1917,12 +1917,10 @@ socket-timeout 300 # # 128 # -# Effect if unset: +# Notes: # # Connections are served until a resource limit is reached. # -# Notes: -# # Privoxy creates one thread (or process) for every incoming # client connection that isn't rejected based on the access # control settings. @@ -2169,19 +2167,18 @@ socket-timeout 300 # # Examples: # -# # Best speed (compared to the other levels) -# compression-level 1 +# # Best speed (compared to the other levels) +# compression-level 1 # -# # Best compression -# compression-level 9 -# -# # No compression. Only useful for testing as the added header -# # slightly increases the amount of data that has to be sent. -# # If your benchmark shows that using this compression level -# # is superior to using no compression at all, the benchmark -# # is likely to be flawed. -# compression-level 0 +# # Best compression +# compression-level 9 # +# # No compression. Only useful for testing as the added header +# # slightly increases the amount of data that has to be sent. +# # If your benchmark shows that using this compression level +# # is superior to using no compression at all, the benchmark +# # is likely to be flawed. +# compression-level 0 # #compression-level 1 # @@ -2332,7 +2329,6 @@ socket-timeout 300 # client-tag-lifetime 180 # # -# # 6.18. trust-x-forwarded-for # ============================ # @@ -2380,7 +2376,6 @@ socket-timeout 300 # trust-x-forwarded-for 1 # # -# # 6.19. receive-buffer-size # ========================== # @@ -2668,63 +2663,60 @@ socket-timeout 300 # Examples: # # # Explicitly set a couple of ciphers with names used by MbedTLS -# cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ -# TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\ -# TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ -# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\ -# TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:\ -# TLS-ECDHE-ECDSA-WITH-AES-256-CCM:\ -# TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8:\ -# TLS-ECDHE-ECDSA-WITH-AES-128-CCM:\ -# TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8:\ -# TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\ -# TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384:\ -# TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:\ -# TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:\ -# TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ -# TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ -# TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:\ -# TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:\ -# TLS-DHE-RSA-WITH-AES-256-CCM:\ -# TLS-DHE-RSA-WITH-AES-256-CCM-8:\ -# TLS-DHE-RSA-WITH-AES-128-CCM:\ -# TLS-DHE-RSA-WITH-AES-128-CCM-8:\ -# TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ -# TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ -# TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:\ -# TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:\ -# TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ -# TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ -# TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\ -# TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\ -# TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\ -# TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 -# +# cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ +# TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\ +# TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\ +# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\ +# TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:\ +# TLS-ECDHE-ECDSA-WITH-AES-256-CCM:\ +# TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8:\ +# TLS-ECDHE-ECDSA-WITH-AES-128-CCM:\ +# TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8:\ +# TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\ +# TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384:\ +# TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:\ +# TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:\ +# TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ +# TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ +# TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:\ +# TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:\ +# TLS-DHE-RSA-WITH-AES-256-CCM:\ +# TLS-DHE-RSA-WITH-AES-256-CCM-8:\ +# TLS-DHE-RSA-WITH-AES-128-CCM:\ +# TLS-DHE-RSA-WITH-AES-128-CCM-8:\ +# TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ +# TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ +# TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:\ +# TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:\ +# TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256:\ +# TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384:\ +# TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\ +# TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\ +# TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\ +# TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 # # # Explicitly set a couple of ciphers with names used by OpenSSL -# cipher-list ECDHE-RSA-AES256-GCM-SHA384:\ -# ECDHE-ECDSA-AES256-GCM-SHA384:\ -# DH-DSS-AES256-GCM-SHA384:\ -# DHE-DSS-AES256-GCM-SHA384:\ -# DH-RSA-AES256-GCM-SHA384:\ -# DHE-RSA-AES256-GCM-SHA384:\ -# ECDH-RSA-AES256-GCM-SHA384:\ -# ECDH-ECDSA-AES256-GCM-SHA384:\ -# ECDHE-RSA-AES128-GCM-SHA256:\ -# ECDHE-ECDSA-AES128-GCM-SHA256:\ -# DH-DSS-AES128-GCM-SHA256:\ -# DHE-DSS-AES128-GCM-SHA256:\ -# DH-RSA-AES128-GCM-SHA256:\ -# DHE-RSA-AES128-GCM-SHA256:\ -# ECDH-RSA-AES128-GCM-SHA256:\ -# ECDH-ECDSA-AES128-GCM-SHA256:\ -# ECDHE-RSA-AES256-GCM-SHA384:\ -# AES128-SHA -# +# cipher-list ECDHE-RSA-AES256-GCM-SHA384:\ +# ECDHE-ECDSA-AES256-GCM-SHA384:\ +# DH-DSS-AES256-GCM-SHA384:\ +# DHE-DSS-AES256-GCM-SHA384:\ +# DH-RSA-AES256-GCM-SHA384:\ +# DHE-RSA-AES256-GCM-SHA384:\ +# ECDH-RSA-AES256-GCM-SHA384:\ +# ECDH-ECDSA-AES256-GCM-SHA384:\ +# ECDHE-RSA-AES128-GCM-SHA256:\ +# ECDHE-ECDSA-AES128-GCM-SHA256:\ +# DH-DSS-AES128-GCM-SHA256:\ +# DHE-DSS-AES128-GCM-SHA256:\ +# DH-RSA-AES128-GCM-SHA256:\ +# DHE-RSA-AES128-GCM-SHA256:\ +# ECDH-RSA-AES128-GCM-SHA256:\ +# ECDH-ECDSA-AES128-GCM-SHA256:\ +# ECDHE-RSA-AES256-GCM-SHA384:\ +# AES128-SHA # # # Use keywords instead of explicitly naming the ciphers (Does not work with MbedTLS) -# cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH -# +# cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH # # # 7.7. trusted-cas-file @@ -2787,49 +2779,35 @@ socket-timeout 300 # #log-buffer-size 1 # -# -# # log-max-lines is the maximum number of lines held in the log # buffer. See above. # #log-max-lines 200 # -# -# # If "log-highlight-messages" is set to 1, Privoxy will highlight # portions of the log messages with a bold-faced font: # #log-highlight-messages 1 # -# -# # The font used in the console window: # #log-font-name Comic Sans MS # -# -# # Font size used in the console window: # #log-font-size 8 # -# -# # "show-on-task-bar" controls whether or not Privoxy will appear as # a button on the Task bar when minimized: # #show-on-task-bar 0 # -# -# # If "close-button-minimizes" is set to 1, the Windows close button # will minimize Privoxy instead of closing the program (close with # the exit option on the File menu). # #close-button-minimizes 1 # -# -# # The "hide-console" option is specific to the MS-Win console # version of Privoxy. If this option is used, Privoxy will # disconnect from and hide the command console. @@ -2837,4 +2815,3 @@ socket-timeout 300 #hide-console # # -#