Re: [squid-users] Fwd: Cipher Suites

From: Henrik Nordstr�m <henrik_at_henriknordstrom.net>
Date: Sun, 12 Feb 2012 13:55:49 +0100

fre 2012-02-10 klockan 04:33 -0500 skrev PS:

> It seems like every site that I connect to while using Squid, the
> server always chooses Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
> (0x0084). I'm not sure why. Exactly what does the cipher option do?

The cipher string sets the list of SSL ciphers Squid accepts.

SSL then negotiates the best cipher supported by both sides of the
connection.

Normally it's the client who have the last say on which of the mutually
supported chiphers should be used, but servers MAY override if they
insist (within the mutually supported set of ciphers).

Squid is both server and client depending on which connection you look
at. In the client<->squid connection it's a server and in
squid<->webserver connection it's a client.

Note: Above description only applies to ssl-bump or reverse proxying. In
normal tunneling of SSL squid is neither server or client, only relaying
the encrypted traffic as-is between the client and requested server.

Regards
Henrik
Received on Sun Feb 12 2012 - 12:57:05 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 13 2012 - 12:00:03 MST