On 9/12/2015 1:59 p.m., Michael Hendrie wrote:
> Hi All,
>
> I've read a few articles that indicate squid-3.5 and below doesn't support ssl-bump'ing ECDHE ciphers.
>
> Is this correct?

That is correct.

> If so, is it possible to create/structure acl and ssl-bump rules to splice on unsupported ciphers?
>
> I've looked through the available ACL options and doesn't seem to be possible unless I'm missing something.
>

Good question. The workaround that comes to mind is using the user_cert type ACL to match values in the certificate. But doing so by custom OID is also only available in Squid-4 and later. So if ciphers is not one of the specific fields listed that 3.5 and older can match, then AFAIK you are out of luck.

FYI: Squid-4 is available, all that "beta" means is that the new code has not yet had much testing. It works fine for some of us in production. You may be able to use it also but some extra care is recommended to check it works well enough before rolling it out.

... or in short: YMMV.

Amos