I have been trying to make this work but still no luck. Any help is appreciated.
Thanks,
Vinod
On Tue, Jan 12, 2021 at 4:34 PM vinod mg <vinod9987@xxxxxxxxx> wrote:
Hi Amos,
Thanks for responding, really appreciate the quick response.
So yes, if squid can mimic exactly what the client is sending, that's all I am looking for, but here it's not the case; as you can see in the example below, squid is re-arranging the cipher list, which I do not want.
Below is the default cipher list order I got with plain firefox browsing howsmyssl.com without proxy -
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
Below is the cipher list order I got with same firefox browsing howsmyssl.com with explicit squid proxy configured -
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_EMPTY_RENEGOTIATION_INFO_SCSV
I have tried removing "cipher=" from both "tls_outgoing_options" and "http_port", but the cipher list sent by the client is still changed while it's passing via squid. Please let me know if I am missing anything.
Thanks,
Vinod
On Tue, Jan 12, 2021 at 3:20 PM Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
On 12/01/21 5:44 pm, vinod mg wrote:
> Hello Team,
>
> I need some help in configuring cipher suite ordering. I am using squid
> with SSL configs and trying to configure the cipher order but not able
> to do so, I am using below sites to check my cipher ordering and it's
> showing different ordering than what I have configured.
>
> https://www.howsmyssl.com
> https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.html
>
These sites show what the client is sending. Modern Squid mimics what the
Browser sends in as closely as possible to avoid issues being added.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
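An added comparison of the two howsmyssl.com lists quoted in this thread (example code, not from either poster or the Squid project): it reports suites seen only on the proxied connection, whether the shared suites keep their relative order, and which TLS 1.2 suite each offer ranks first. The function names are hypothetical; the cipher names are copied from the lists above.

```python
# Cipher names copied verbatim from the two howsmyssl.com lists in the thread.
DIRECT = """
TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA
""".split()
VIA_PROXY = """
TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256
TLS_AES_128_CCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV
""".split()

def compare_offers(direct, proxied):
    """Return (added, removed, order_kept) between two offered cipher lists."""
    added = [c for c in proxied if c not in direct]
    removed = [c for c in direct if c not in proxied]
    shared_in_proxy_order = [c for c in proxied if c in direct]
    shared_in_direct_order = [c for c in direct if c in proxied]
    return added, removed, shared_in_proxy_order == shared_in_direct_order

def rank_shifts(direct, proxied):
    """Shared suites whose 1-based rank changed: name -> (direct, proxied)."""
    pos = {c: i for i, c in enumerate(proxied, 1)}
    return {c: (i, pos[c]) for i, c in enumerate(direct, 1)
            if c in pos and pos[c] != i}

def first_tls12_suite(offer):
    """First pre-TLS 1.3 suite offered (only those names contain '_WITH_')."""
    return next((c for c in offer if "_WITH_" in c), None)

if __name__ == "__main__":
    added, removed, kept = compare_offers(DIRECT, VIA_PROXY)
    print("only via proxy:", added, "| only direct:", removed)
    print("relative order of shared suites kept:", kept)
    print("suites whose rank moved:", len(rank_shifts(DIRECT, VIA_PROXY)))
    print("top TLS 1.2 suite direct:", first_tls12_suite(DIRECT))
    print("top TLS 1.2 suite via proxy:", first_tls12_suite(VIA_PROXY))
```

On these two lists the proxied offer contains names the direct one does not, so the difference seen by the test site is in membership as well as order.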