[squid-users] Cipher suites errors

Yuri yvoinov at gmail.com
Mon Jun 27 13:39:20 UTC 2016


This is GOST-based ciphers included in LibreSSL. Don't worry about it.


27.06.2016 19:30, C. L. Martinez пишет:
> Hi all,
>
>   After some tunning to configure my squid's host with ssl_bump and intermediate CA (many thanks Yuri), I have tested my setup against https://www.ssllabs.com and https://howsmyssl.com and both sites returns me the following error:
>
> Some unknown cipher suite: 0xff85 (SSLLabs says UNKNOWN (0xff85)   WEAK)
> Some unknown cipher suite: 0x0081
>
>   My relevant config is:
>
> sslproxy_options SINGLE_DH_USE,SINGLE_ECDH_USE
> sslproxy_cipher HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
> https_port 127.0.0.1:5145 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/server.crt \
>          key=/etc/squid/certs/server.key tls-dh=prime256v1:/etc/squid/certs/dhparam.pem \
>                  options=SINGLE_DH_USE,SINGLE_ECDH_USE cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
>   Am I doing something wrong?? I am using squid's wiki suggested config ...
>
> Thanks.
>



More information about the squid-users mailing list