fre 2012-02-10 klockan 04:33 -0500 skrev PS: > It seems like every site that I connect to while using Squid, the > server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA > (0x0084). I'm not sure why. Exactly what does the cipher option do? The cipher string sets the list of SSL ciphers Squid accepts. SSL then negotiates the best cipher supported by both sides of the connection. Normally it's the client who have the last say on which of the mutually supported chiphers should be used, but servers MAY override if they insist (within the mutually supported set of ciphers). Squid is both server and client depending on which connection you look at. In the client<->squid connection it's a server and in squid<->webserver connection it's a client. Note: Above description only applies to ssl-bump or reverse proxying. In normal tunneling of SSL squid is neither server or client, only relaying the encrypted traffic as-is between the client and requested server. Regards Henrik
