[squid-users] Question squid on centos 6.5 and poodle
Amos Jeffries
squid3 at treenet.co.nz
Mon Oct 20 01:36:19 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 20/10/2014 2:28 p.m., Alexander Samad wrote:
> Hi
>
> Thanks for clearing that up. so when i do a openssl ciphers and
> select the ciphers i want including the PFS enables oned, i take
> the list and try and use it in ciphers= and the list seems to be
> dissregarded and only 1 cipher is available. atleast from online
> checking and with nmap.
>
> I have nossl2 and nossl3, that covers me for most things apart from
> PFS.
>
> I am not ready to upgrade to a non RHEL/CEntos version as that has
> other implications ! But in the end if I must
>
>
> I am wondering if thats a known bug or I am configuring it wrongly
>
>
> this is the cipher list I have tried as well
>
> openssl ciphers 'ALL:!SSLv2:!SSLv3:@STRENGTH'
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ADH-AES256-GCM-SHA384:ADH-AES256-SHA256:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:AES256-GCM-SHA384:AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ADH-AES128-GCM-SHA256:ADH-AES128-SHA256:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
>
>
>
> ldd points to /usr/lib64/libssl.so.10 and
>
> openssl-1.0.1e-30.el6_5.2.x86_64
That string is just passed as text to libssl.
As I understand it openssl ignores entries it does not understand. So
I guess your library has been built without support for most of those
ciphers.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJURGcSAAoJELJo5wb/XPRjYvgH/j6AMjimV/DFGlUvo2gSXFhC
pGPyc49g1KHzIqCxJ6gh5xwHf/H/WFbOKtg+MoSHbAzAe9tRH52uoWrNBQonnXfc
OV3F/6gpWe4YPZ8ZyV/8ls0fYnGp/He6MXmwkkYF42PwJLkEFSKZTBZFvbJZv6tk
khVH/yzfJi/U5a+a3tAcPTTnPdB80yy0sBy+NaL2zaTr98OSOCUDToZSMr61TuPN
6CckbK7rjh2s+TgNXl1eUuO6IwzfzJOZLhBefj+jgmG10XXadeg2MdfBIXd75VB6
cz+/e5HHTd1ZK+HBfOgxcOBb0q1v+/tSH2IKoPbnBB1QSNAhZE0Wt619Jtc3fCw=
=iPqR
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list