Search squid archive

Re: Question squid on centos 6.5 and poodle

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 20/10/2014 2:28 p.m., Alexander Samad wrote:
> Hi
> 
> Thanks for clearing that up. so when i do a openssl ciphers and
> select the ciphers i want including the PFS enables oned, i take
> the list and try and use it in ciphers= and the list seems to be
> dissregarded and only 1 cipher is available. atleast from online
> checking and with nmap.
> 
> I have nossl2 and nossl3, that covers me for most things apart from
> PFS.
> 
> I am not ready to upgrade to a non RHEL/CEntos version as that has 
> other implications ! But in the end if I must
> 
> 
> I am wondering if thats a known bug or I am configuring it wrongly
> 
> 
> this is the cipher list I have tried as well
> 
> openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH' 
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
>
> 
> 
> ldd points to /usr/lib64/libssl.so.10 and
> 
> openssl-1.0.1e-30.el6_5.2.x86_64

That string is just passed as text to libssl.

As I understand it openssl ignores entries  it does not understand. So
I guess your library has been built without support for most of those
ciphers.

Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBAgAGBQJURGcSAAoJELJo5wb/XPRjYvgH/j6AMjimV/DFGlUvo2gSXFhC
pGPyc49g1KHzIqCxJ6gh5xwHf/H/WFbOKtg+MoSHbAzAe9tRH52uoWrNBQonnXfc
OV3F/6gpWe4YPZ8ZyV/8ls0fYnGp/He6MXmwkkYF42PwJLkEFSKZTBZFvbJZv6tk
khVH/yzfJi/U5a+a3tAcPTTnPdB80yy0sBy+NaL2zaTr98OSOCUDToZSMr61TuPN
6CckbK7rjh2s+TgNXl1eUuO6IwzfzJOZLhBefj+jgmG10XXadeg2MdfBIXd75VB6
cz+/e5HHTd1ZK+HBfOgxcOBb0q1v+/tSH2IKoPbnBB1QSNAhZE0Wt619Jtc3fCw=
=iPqR
-----END PGP SIGNATURE-----
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux