Search squid archive

Re: Re: Cipher Suites

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Feb 10, 2012, at 4:33 AM, PS wrote:

Hello,
Is there a way for me to force a server to accept the cipher that I am choosing? Below you can see my http_port directive.

http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/usr/local/squid/ssl_cert/private/squid-rsa-3.2.pem cert=/usr/local/squid/ssl_cert/squid-3.2.pem version=4 cipher=RC4-SHA

It seems like every site that I connect to while using Squid, the server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084). I'm not sure why. Exactly what does the cipher option do?


The value is passes untouched through to the OpenSSL library.
see http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS

SSL details on http_port control what Squid uses when communicating with the *client*.

SSL details used when communication DIRECT to *servers* use the server SSL directives starting with sslproxy_*, for example:
  http://www.squid-cache.org/Doc/config/sslproxy_cipher/

Or to set specific details to a peer linkages set the ssl options for cache_peer.


Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux