Hello, I'd restrict the client by using a less resource consuming TLS encryption; I though doing just this e.g. http_port 3128 ... cipher=3DES ... (for restricting clients connecting to 3DES) or what would be less resource consuming? AES128? but where can I see, which ciphersuite is really used? (which log shows this? is it /var/squid/cache.log?) the reason why I'm asking this: I'm using Kaspersky Anti-Virus on client side, this does a 2nd SSL-interception, and there the browsers show different Ciphersuites; e.g. Google Chrome shows AES128, Mozilla Firefox shows Camellia 256 or is it like this: e.g. Google Chrome uses AES128 to the Anti-Virus, the Anti-Virus itself uses 3DES to the proxy server? (the proxy server matches another Ciphersuite to the web host) Kaspersky Anti-Virus installed its own Root certificate into the Certstore of my Windows and of Mozilla Firefox; for sites the Antivirus does no SSL-intercept, I see the Root certificate of my proxy and for sites the Antivirus does SSL-Intercept I see the Kaspersky's Antivirus Root certificate; Thanks, Walter _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
