Search squid archive

Re: SSL-bump and Ciphersuite?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/01/2016 10:50 p.m., Walter H. wrote:
> Hello,
> 
> I'd restrict the client by using a less resource consuming TLS encryption;
> 
> I though doing just this
> 
> e.g.
> http_port 3128 ... cipher=3DES ...
> (for restricting clients connecting to 3DES)
> 
> or what would be less resource consuming?
> AES128?

Depends on the specific TLS library implementation, what other hashes
etc are used alongside, and any crypto hardware support in the machine
running it.

> 
> but where can I see, which ciphersuite is really used?
> (which log shows this? is it /var/squid/cache.log?)

For that you need the new 'negotiated_cipher' logformat codes in the
latest Squid-4.0.4 (note some more build errors found the past few days).


> 
> the reason why I'm asking this:
> 
> I'm using Kaspersky Anti-Virus on client side, this does a 2nd
> SSL-interception, and there the browsers show different Ciphersuites;
> 
> e.g. Google Chrome shows AES128, Mozilla Firefox shows Camellia 256
> 
> or is it like this: e.g. Google Chrome uses AES128 to the Anti-Virus, the
> Anti-Virus itself uses 3DES to the proxy server?
> (the proxy server matches another Ciphersuite to the web host)

Yes it is like that. TLS is point-to-point encryption.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux