[squid-users] Question squid on centos 6.5 and poodle

Alexander Samad alex at samad.com.au
Mon Oct 20 03:49:15 UTC 2014


Hi

Hmm, that's strange, as it's openssl that is giving me the list ...
openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH' plus when I don't put
anything in the ciphers option I get most (but not all) of the
ciphers.

A

On 20 October 2014 12:36, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 20/10/2014 2:28 p.m., Alexander Samad wrote:
>> Hi
>>
>> Thanks for clearing that up. So when I do an openssl ciphers and
>> select the ciphers I want, including the PFS-enabled ones, I take
>> the list and try to use it in ciphers= and the list seems to be
>> disregarded and only 1 cipher is available, at least from online
>> checking and with nmap.
>>
>> I have nossl2 and nossl3, that covers me for most things apart from
>> PFS.
>>
>> I am not ready to upgrade to a non-RHEL/CentOS version, as that has
>> other implications! But in the end, if I must
>>
>>
>> I am wondering if that's a known bug or I am configuring it wrongly
>>
>>
>> this is the cipher list I have tried as well
>>
>> openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH'
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
>>
>>
>>
>> ldd points to /usr/lib64/libssl.so.10 and
>>
>> openssl-1.0.1e-30.el6_5.2.x86_64
>
> That string is just passed as text to libssl.
>
> As I understand it openssl ignores entries it does not understand. So
> I guess your library has been built without support for most of those
> ciphers.
>
> Amos
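Added example, not part of the original thread: one way to see which entries of a cipher list a given libssl build accepts and which it silently drops, the behaviour discussed above. It uses Python's ssl module, which hands the string to libssl as text; it assumes the Python on the host is linked against the same libssl as Squid, and the sample list and the NOT-A-REAL-CIPHER entry are constructed for illustration.

```python
import ssl

# Constructed sample: three names from the list quoted above plus one
# deliberately bogus entry (NOT-A-REAL-CIPHER is made up for this example).
SAMPLE = ("ECDHE-RSA-AES256-GCM-SHA384:NOT-A-REAL-CIPHER:"
          "DHE-RSA-AES256-GCM-SHA384:AES128-SHA256")


def accepted_by_libssl(name):
    """True if this libssl enables the suite `name` when given on its own."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(name)  # calls SSL_CTX_set_cipher_list() underneath
    except ssl.SSLError:
        return False  # no suite in the string was usable
    # OpenSSL 1.1.1+ lists TLS 1.3 suites whatever the string says,
    # so look for the requested name rather than a non-empty result.
    return any(c["name"] == name for c in ctx.get_ciphers())


def split_cipher_list(cipher_string):
    """Split a colon-separated list of suite names into (accepted, dropped)."""
    accepted, dropped = [], []
    for name in filter(None, cipher_string.split(":")):
        (accepted if accepted_by_libssl(name) else dropped).append(name)
    return accepted, dropped


def effective_ciphers(cipher_string):
    """TLS 1.2-and-earlier suites enabled when the whole string is applied."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


if __name__ == "__main__":
    print("linked against:", ssl.OPENSSL_VERSION)
    ok, bad = split_cipher_list(SAMPLE)
    print("accepted: ", ok)
    print("dropped:  ", bad)
    print("effective:", effective_ciphers(SAMPLE))
```

Comparing the "effective" line with what an external scan reports separates entries dropped by libssl from suites that are enabled but not negotiable for another reason.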
