Thanks Amos. I will try experimenting with it a bit more.
On Feb 10, 2012, at 8:41 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>>>
>>> On Feb 10, 2012, at 4:33 AM, PS wrote:
>>>
>>>>> Hello,
>>>>> Is there a way for me to force a server to accept the cipher that I am choosing? Below you can see my http_port directive.
>>>>>
>>>>> http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/usr/local/squid/ssl_cert/private/squid-rsa-3.2.pem cert=/usr/local/squid/ssl_cert/squid-3.2.pem version=4 cipher=RC4-SHA
>>>>>
>>>>> It seems like every site that I connect to while using Squid, the server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084). I'm not sure why. Exactly what does the cipher option do?
>>
>
> The value is passes untouched through to the OpenSSL library.
> see http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
>
> SSL details on http_port control what Squid uses when communicating with the *client*.
>
> SSL details used when communication DIRECT to *servers* use the server SSL directives starting with sslproxy_*, for example:
> http://www.squid-cache.org/Doc/config/sslproxy_cipher/
>
> Or to set specific details to a peer linkages set the ssl options for cache_peer.
>
>
> Amos
Received on Sat Feb 11 2012 - 05:35:12 MST
This archive was generated by hypermail 2.2.0 : Sat Feb 11 2012 - 12:00:02 MST