Hi

Hmm, that's strange, as it's openssl that is giving me the list ...

openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH'

plus when I don't put anything in the ciphers option I get most (but not all) of the ciphers.

A

On 20 October 2014 12:36, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 20/10/2014 2:28 p.m., Alexander Samad wrote:
>> Hi
>>
>> Thanks for clearing that up. So when I do an openssl ciphers and
>> select the ciphers I want, including the PFS-enabled ones, I take
>> the list and try and use it in ciphers= and the list seems to be
>> disregarded and only 1 cipher is available, at least from online
>> checking and with nmap.
>>
>> I have nossl2 and nossl3, that covers me for most things apart from
>> PFS.
>>
>> I am not ready to upgrade to a non-RHEL/CentOS version as that has
>> other implications! But in the end if I must
>>
>> I am wondering if that's a known bug or I am configuring it wrongly
>>
>> this is the cipher list I have tried as well
>>
>> openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH'
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
>>
>> ldd points to /usr/lib64/libssl.so.10 and
>>
>> openssl-1.0.1e-30.el6_5.2.x86_64
>
> That string is just passed as text to libssl.
>
> As I understand it openssl ignores entries it does not understand. So
> I guess your library has been built without support for most of those
> ciphers.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users
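
An added example, not part of the thread and not Squid or OpenSSL code: it sorts the names in a colon-separated cipher string by key exchange, builds a value containing only the authenticated forward-secret (PFS) suites, and asks the local libssl whether it accepts each name. The function names and the shortened `SAMPLE` list are constructed for illustration, and the acceptance check reflects the OpenSSL library Python is linked against, which is assumed (not guaranteed) to match the one the proxy loads.

```python
import ssl

# Constructed sample: a shortened subset of the cipher list quoted in the thread.
SAMPLE = ("ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:"
          "ADH-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:AES256-SHA256:"
          "ECDHE-ECDSA-AES128-GCM-SHA256:AES128-GCM-SHA256")


def key_exchange(name):
    """Classify an OpenSSL (pre-TLS 1.3) cipher name by its key-exchange prefix."""
    if name.startswith(("ECDHE-", "DHE-", "EDH-")):
        return "pfs"         # ephemeral (EC)DH: forward secrecy
    if name.startswith(("ADH-", "AECDH-")):
        return "anonymous"   # ephemeral but unauthenticated: server identity is not verified
    if name.startswith(("ECDH-", "DH-")):
        return "static-dh"   # fixed (EC)DH key: no forward secrecy
    return "other"           # no such prefix; for the names in SAMPLE this is RSA key transport


def pfs_only(cipher_string):
    """Return the authenticated forward-secret suites, original order preserved."""
    names = [n for n in cipher_string.split(":") if n]
    return ":".join(n for n in names if key_exchange(n) == "pfs")


def understood_by_local_libssl(name):
    """True if the libssl that Python is linked against accepts this single name."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(name)
        return True
    except ssl.SSLError:     # raised when no cipher can be selected from the string
        return False


def report(cipher_string):
    """One (name, key-exchange class, accepted-by-libssl) row per cipher name."""
    return [(n, key_exchange(n), understood_by_local_libssl(n))
            for n in cipher_string.split(":") if n]


if __name__ == "__main__":
    for name, kx, ok in report(SAMPLE):
        print(f"{name:32} {kx:10} {'accepted' if ok else 'rejected'}")
    print("ciphers=" + pfs_only(SAMPLE))
```

Run with the full list from the thread in place of `SAMPLE` to see which entries are ADH (anonymous) or non-PFS before putting the string into `ciphers=`.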