I ended up having to disable the Camellia ciphers in Firefox in order to prevent it from being selected. Thanks On Feb 12, 2012, at 7:55 AM, Henrik Nordström wrote: > fre 2012-02-10 klockan 04:33 -0500 skrev PS: > >> It seems like every site that I connect to while using Squid, the >> server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA >> (0x0084). I'm not sure why. Exactly what does the cipher option do? > > The cipher string sets the list of SSL ciphers Squid accepts. > > SSL then negotiates the best cipher supported by both sides of the > connection. > > Normally it's the client who have the last say on which of the mutually > supported chiphers should be used, but servers MAY override if they > insist (within the mutually supported set of ciphers). > > Squid is both server and client depending on which connection you look > at. In the client<->squid connection it's a server and in > squid<->webserver connection it's a client. > > Note: Above description only applies to ssl-bump or reverse proxying. In > normal tunneling of SSL squid is neither server or client, only relaying > the encrypted traffic as-is between the client and requested server. > > Regards > Henrik >
