[squid-users] SSL-bump and Ciphersuite?
Walter H.
walter.h at mathemainzel.info
Mon Jan 11 09:50:43 UTC 2016
Hello,
I'd restrict the client by using a less resource-consuming TLS encryption;
I thought of doing just this
e.g.
http_port 3128 ... cipher=3DES ...
(for restricting clients connecting to 3DES)
or what would be less resource consuming?
AES128?
but where can I see which ciphersuite is really used?
(which log shows this? is it /var/squid/cache.log?)
the reason why I'm asking this:
I'm using Kaspersky Anti-Virus on client side, this does a 2nd
SSL-interception, and there the browsers show different Ciphersuites;
e.g. Google Chrome shows AES128, Mozilla Firefox shows Camellia 256
or is it like this: e.g. Google Chrome uses AES128 to the Anti-Virus, the
Anti-Virus itself uses 3DES to the proxy server?
(the proxy server matches another Ciphersuite to the web host)
Kaspersky Anti-Virus installed its own Root certificate into the Certstore
of my Windows and of Mozilla Firefox; for sites where the Antivirus does no
SSL-intercept, I see the Root certificate of my proxy, and for sites where the
Antivirus does SSL-Intercept I see the Kaspersky Antivirus Root
certificate.
Thanks,
Walter