[squid-users] SSL cipher list
Amos Jeffries
squid3 at treenet.co.nz
Sat Jan 16 03:22:07 UTC 2016
On 16/01/2016 10:46 a.m., Hector Chan wrote:
> Hi,
>
> I am running the squid 3.4.x line. I am looking into hardening our squid
> server. One of the things I am looking at is the SSL cipher list. Does
> anyone know how do I find out what SSL cipher list squid support? I read
> from another post that squid doesn't support the ECDHE ciphers, but I am
> interested in getting the complete SSL cipher list that squid supports.
Squid uses OpenSSL or LibreSSL. The ciphers supported by that library
are what is supported. It changes depending on what TLS/SSL options
Squid has been configured to pass the library.
The oddity with Elliptic Curves was that Squid older than 3.5.13 were
not able to send the library a curve name. So those particular ciphers
could not be enabled even if you wanted to.
Amos
More information about the squid-users
mailing list