Re: [squid-users] Cipher Suites

From: PS <packetstack_at_gmail.com>
Date: Mon, 13 Feb 2012 02:58:12 -0500

I ended up having to disable the Camellia ciphers in Firefox in order to prevent it from being selected.

Thanks

On Feb 12, 2012, at 7:55 AM, Henrik Nordström wrote:

> fre 2012-02-10 klockan 04:33 -0500 skrev PS:
>
>> It seems like every site that I connect to while using Squid, the
>> server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
>> (0x0084). I'm not sure why. Exactly what does the cipher option do?
>
> The cipher string sets the list of SSL ciphers Squid accepts.
>
> SSL then negotiates the best cipher supported by both sides of the
> connection.
>
> Normally it's the client who have the last say on which of the mutually
> supported chiphers should be used, but servers MAY override if they
> insist (within the mutually supported set of ciphers).
>
> Squid is both server and client depending on which connection you look
> at. In the client<->squid connection it's a server and in
> squid<->webserver connection it's a client.
>
> Note: Above description only applies to ssl-bump or reverse proxying. In
> normal tunneling of SSL squid is neither server or client, only relaying
> the encrypted traffic as-is between the client and requested server.
>
> Regards
> Henrik
>
Received on Mon Feb 13 2012 - 07:58:20 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 14 2012 - 12:00:02 MST