Thanks Amos. I will try experimenting with it a bit more. On Feb 10, 2012, at 8:41 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > >>> >>> On Feb 10, 2012, at 4:33 AM, PS wrote: >>> >>>>> Hello, >>>>> Is there a way for me to force a server to accept the cipher that I am choosing? Below you can see my http_port directive. >>>>> >>>>> http_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB key=/usr/local/squid/ssl_cert/private/squid-rsa-3.2.pem cert=/usr/local/squid/ssl_cert/squid-3.2.pem version=4 cipher=RC4-SHA >>>>> >>>>> It seems like every site that I connect to while using Squid, the server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084). I'm not sure why. Exactly what does the cipher option do? >> > > The value is passes untouched through to the OpenSSL library. > see http://www.openssl.org/docs/apps/ciphers.html#CIPHER_STRINGS > > SSL details on http_port control what Squid uses when communicating with the *client*. > > SSL details used when communication DIRECT to *servers* use the server SSL directives starting with sslproxy_*, for example: > http://www.squid-cache.org/Doc/config/sslproxy_cipher/ > > Or to set specific details to a peer linkages set the ssl options for cache_peer. > > > Amos
