Re: [squid-users] SSLBump SSL error (FAO Henrik)

From: Henrik Nordstr�m <henrik_at_henriknordstrom.net>
Date: Sun, 12 Feb 2012 12:57:22 +0100

lör 2012-02-11 klockan 10:34 +0000 skrev Alex Crow:

> Henrik,
>
> I have tried adding the line "sslproxy_cipher ALL:!COMPLEMENTOFDEFAULT"
> instead of specifying it in the http_port line.
>
> It's still failing negotiation on the abbeynational request.
>
> Any help would be much appreciated.

Try playing with openssl s_client until you find settings that the
server accepts.

That's how I found the cipher setting that works for me.

Then use this in sslproxy_cipher directive in Squid to tell Squid what
it should use.

Note: http_port is the wrong place. This controls the ciphers used
towards clients only.

Regards
Henrik
Received on Sun Feb 12 2012 - 11:58:39 MST

This archive was generated by hypermail 2.2.0 : Tue Feb 14 2012 - 12:00:02 MST