On 11/01/2016 10:50 p.m., Walter H. wrote: > Hello, > > I'd restrict the client by using a less resource consuming TLS encryption; > > I though doing just this > > e.g. > http_port 3128 ... cipher=3DES ... > (for restricting clients connecting to 3DES) > > or what would be less resource consuming? > AES128? Depends on the specific TLS library implementation, what other hashes etc are used alongside, and any crypto hardware support in the machine running it. > > but where can I see, which ciphersuite is really used? > (which log shows this? is it /var/squid/cache.log?) For that you need the new 'negotiated_cipher' logformat codes in the latest Squid-4.0.4 (note some more build errors found the past few days). > > the reason why I'm asking this: > > I'm using Kaspersky Anti-Virus on client side, this does a 2nd > SSL-interception, and there the browsers show different Ciphersuites; > > e.g. Google Chrome shows AES128, Mozilla Firefox shows Camellia 256 > > or is it like this: e.g. Google Chrome uses AES128 to the Anti-Virus, the > Anti-Virus itself uses 3DES to the proxy server? > (the proxy server matches another Ciphersuite to the web host) Yes it is like that. TLS is point-to-point encryption. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
