X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=doc%2Fsource%2Fp-config.sgml;h=5b82d397b13a1eefe620a55e9464714e4dee764c;hp=d91444582f9b6bbc448e6dbcd259954d01d12a39;hb=a9b77297dd098e5f3de193bf584cdcf97f7be705;hpb=a74d048aba1e3c5f50b9b60bd954ac96fc54cb25
diff --git a/doc/source/p-config.sgml b/doc/source/p-config.sgml
index d9144458..5b82d397 100644
--- a/doc/source/p-config.sgml
+++ b/doc/source/p-config.sgml
@@ -107,7 +107,7 @@ Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
4. ACCESS CONTROL AND SECURITY #
5. FORWARDING #
6. MISCELLANEOUS #
- 7. TLS #
+ 7. HTTPS INSPECTION (EXPERIMENTAL) #
8. WINDOWS GUI OPTIONS #
#
##################################################################
@@ -1630,7 +1630,7 @@ actionsfile
- Examples:
+ Example:
enforce-blocks 1
@@ -2508,7 +2508,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
forwarded-connect-retries 1
@@ -2585,7 +2585,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
accept-intercepted-requests 1
@@ -2643,7 +2643,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
allow-cgi-request-crunching 1
@@ -2710,7 +2710,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
split-large-forms 1
@@ -2793,7 +2793,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
keep-alive-timeout 300
@@ -2862,7 +2862,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
tolerate-pipelining 1
@@ -2943,7 +2943,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
default-server-timeout 60
@@ -3042,7 +3042,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
connection-sharing 1
@@ -3098,7 +3098,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
socket-timeout 300
@@ -3186,7 +3186,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
max-client-connections 256
@@ -3265,7 +3265,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
listen-backlog 4096
@@ -3336,7 +3336,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
enable-accept-filter 1
@@ -3739,7 +3739,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
# Increase the time to life for temporarily enabled tags to 3 minutes
@@ -3811,7 +3811,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
# Allow systems that can reach Privoxy to provide the client
@@ -3884,7 +3884,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
# Increase the receive buffer size
@@ -3900,8 +3900,14 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
-
-TLS/SSL Inspection (Experimental)
+
+HTTPS Inspection (Experimental)
+
+
+ HTTPS inspection allows to filter encrypted requests.
+ This is only supported when Privoxy
+ has been built with FEATURE_HTTPS_INSPECTION.
+
@@ -3952,7 +3958,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
ca-directory /usr/local/etc/privoxy/CA
@@ -4023,7 +4029,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
ca-cert-file root.crt
@@ -4081,7 +4087,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
ca-key-file cakey.pem
@@ -4143,7 +4149,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
ca-password blafasel
@@ -4225,7 +4231,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
certificate-directory /usr/local/var/privoxy/certs
@@ -4240,6 +4246,131 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
+cipher-list
+
+
+ Specifies:
+
+
+ A list of ciphers to use in TLS handshakes
+
+
+
+
+ Type of value:
+
+
+ Text
+
+
+
+
+ Default value:
+
+ None
+
+
+
+ Effect if unset:
+
+
+ A default value is inherited from the TLS library.
+
+
+
+
+ Notes:
+
+
+ This directive allows to specify a non-default list of ciphers to use
+ in TLS handshakes with clients and servers.
+
+
+ Ciphers are separated by colons. Which ciphers are supported
+ depends on the TLS library. When using OpenSSL, unsupported ciphers
+ are skipped. When using MbedTLS they are rejected.
+
+
+
+ Specifying an unusual cipher list makes fingerprinting easier.
+ Note that the default list provided by the TLS library may
+ be unusual when compared to the one used by modern browsers
+ as well.
+
+
+
+
+
+ Examples:
+
+
+ # Explicitly set a couple of ciphers with names used by MbedTLS
+ cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
+TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256:\
+TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\
+TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:\
+TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:\
+TLS-ECDHE-ECDSA-WITH-AES-256-CCM:\
+TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8:\
+TLS-ECDHE-ECDSA-WITH-AES-128-CCM:\
+TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8:\
+TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
+TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384:\
+TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:\
+TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:\
+TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:\
+TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:\
+TLS-DHE-RSA-WITH-AES-256-CCM:\
+TLS-DHE-RSA-WITH-AES-256-CCM-8:\
+TLS-DHE-RSA-WITH-AES-128-CCM:\
+TLS-DHE-RSA-WITH-AES-128-CCM-8:\
+TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256:\
+TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384:\
+TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256:\
+TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384:\
+TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256:\
+TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384:\
+TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256:\
+TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384
+
+
+ # Explicitly set a couple of ciphers with names used by OpenSSL
+cipher-list ECDHE-RSA-AES256-GCM-SHA384:\
+ECDHE-ECDSA-AES256-GCM-SHA384:\
+DH-DSS-AES256-GCM-SHA384:\
+DHE-DSS-AES256-GCM-SHA384:\
+DH-RSA-AES256-GCM-SHA384:\
+DHE-RSA-AES256-GCM-SHA384:\
+ECDH-RSA-AES256-GCM-SHA384:\
+ECDH-ECDSA-AES256-GCM-SHA384:\
+ECDHE-RSA-AES128-GCM-SHA256:\
+ECDHE-ECDSA-AES128-GCM-SHA256:\
+DH-DSS-AES128-GCM-SHA256:\
+DHE-DSS-AES128-GCM-SHA256:\
+DH-RSA-AES128-GCM-SHA256:\
+DHE-RSA-AES128-GCM-SHA256:\
+ECDH-RSA-AES128-GCM-SHA256:\
+ECDH-ECDSA-AES128-GCM-SHA256:\
+ECDHE-RSA-AES256-GCM-SHA384:\
+AES128-SHA
+
+
+ # Use keywords instead of explicity naming the ciphers (Does not work with MbedTLS)
+ cipher-list ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
+
+
+
+
+
+
+
+
+
+
trusted-cas-file
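Review bot: The MbedTLS example repeats the directive name (`cipher-list cipher-list TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256:\`), so anyone copying it would presumably pass a value that begins with the literal text `cipher-list `, which the notes in this same hunk say MbedTLS rejects; the line should start with a single `cipher-list`. The OpenSSL example lists `ECDHE-RSA-AES256-GCM-SHA384` twice (first and second-to-last entry) and ends with `AES128-SHA`, a CBC/SHA-1 suite with static RSA key exchange and no forward secrecy, next to static `DH-*` and `ECDH-*` entries. Examples from this file tend to be pasted into live configurations, so I would either restrict the list to the ECDHE/DHE AEAD suites or add a comment such as `# Illustrates the syntax only, not a recommended selection`. The comment above the keyword example also has a typo: `explicity` should be `explicitly`.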
@@ -4286,7 +4417,7 @@ forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t
- Examples:
+ Example:
trusted-cas-file trusted_cas_file.pem