Hello, I'd like to disable some ciphersuites when connecting with web servers; when I go there: https://cc.dcsec.uni-hannover.de/ I'm shown this (only the column with ciphersuite names): ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-SHA ECDHE-ECDSA-AES256-SHA DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA DHE-RSA-CAMELLIA256-SHA ECDH-RSA-AES256-GCM-SHA384 ECDH-ECDSA-AES256-GCM-SHA384 ECDH-RSA-AES256-SHA384 ECDH-ECDSA-AES256-SHA384 ECDH-RSA-AES256-SHA ECDH-ECDSA-AES256-SHA RSA-AES256-GCM-SHA384 DH-RSA-MISTY1-SHA (*) RSA-AES256-SHA RSA-CAMELLIA256-SHA ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-ECDSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-ECDSA-AES128-SHA DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA DHE-RSA-CAMELLIA128-SHA ECDH-RSA-AES128-GCM-SHA256 ECDH-ECDSA-AES128-GCM-SHA256 ECDH-RSA-AES128-SHA256 ECDH-ECDSA-AES128-SHA256 ECDH-RSA-AES128-SHA ECDH-ECDSA-AES128-SHA RSA-AES128-GCM-SHA256 DH-DSS-MISTY1-SHA (*) RSA-AES128-SHA RSA-CAMELLIA128-SHA ECDHE-RSA-3DES-EDE-SHA ECDHE-ECDSA-3DES-EDE-SHA DHE-RSA-3DES-EDE-SHA ECDH-RSA-3DES-EDE-SHA ECDH-ECDSA-3DES-EDE-SHA RSA-3DES-EDE-SHA EMPTY-RENEGOTIATION-INFO-SCSV and these are the lines in my squid.conf sslproxy_cafile /etc/squid/ca-bundle.trust.crtsslproxy_cipher !SSLv2:+SSLv3:!AECDH:!ADH:!DES:HIGH:+3DES:!RC4:!MD5:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SEED:!SRP
sslproxy_options NO_SSLv2 NO_SSLv3 TLSv1 TLSv1_1 TLSv1_2and I would like to disable the ciphersuites marked with (*), but how would I do this?
any hint would be nice; Thanks and greetings from Austria, Walter
<<attachment: smime.p7s>>
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
