On Feb 10, 2012, at 4:33 AM, PS wrote:
Hello,
Is there a way for me to force a server to accept the cipher that I
am choosing? Below you can see my http_port directive.
http_port 3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB
key=/usr/local/squid/ssl_cert/private/squid-rsa-3.2.pem
cert=/usr/local/squid/ssl_cert/squid-3.2.pem version=4 cipher=RC4-SHA
It seems like every site that I connect to while using Squid, the
server always chooses Cipher Suite:
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084). I'm not sure why.
Exactly what does the cipher option do?
The value is passes untouched through to the OpenSSL library.
see http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS
SSL details on http_port control what Squid uses when communicating with
the *client*.
SSL details used when communication DIRECT to *servers* use the server
SSL directives starting with sslproxy_*, for example:
http://www.squid-cache.org/Doc/config/sslproxy_cipher/
Or to set specific details to a peer linkages set the ssl options for
cache_peer.
Amos
