[squid-users] Ciphersuites with SSL bump [squid 3.5.19]

Walter H. Walter.H at mathemainzel.info
Fri May 20 14:44:23 UTC 2016 

Hello,

I'd like to disable some ciphersuites when connecting with web servers;

when I go there: https://cc.dcsec.uni-hannover.de/
I'm shown this (only the column with ciphersuite names):

ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
RSA-AES256-GCM-SHA384
DH-RSA-MISTY1-SHA  (*)
RSA-AES256-SHA
RSA-CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
RSA-AES128-GCM-SHA256
DH-DSS-MISTY1-SHA  (*)
RSA-AES128-SHA
RSA-CAMELLIA128-SHA
ECDHE-RSA-3DES-EDE-SHA
ECDHE-ECDSA-3DES-EDE-SHA
DHE-RSA-3DES-EDE-SHA
ECDH-RSA-3DES-EDE-SHA
ECDH-ECDSA-3DES-EDE-SHA
RSA-3DES-EDE-SHA
EMPTY-RENEGOTIATION-INFO-SCSV

and these are the lines in my squid.conf

sslproxy_cafile /etc/squid/ca-bundle.trust.crt
sslproxy_cipher 
!SSLv2:+SSLv3:!AECDH:!ADH:!DES:HIGH:+3DES:!RC4:!MD5:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SEED:!SRP
sslproxy_options NO_SSLv2 NO_SSLv3 TLSv1 TLSv1_1 TLSv1_2

and I would like to disable the ciphersuites marked with (*), but how 
would I do this?

any hint would be nice;

Thanks and greetings from Austria,
Walter


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160520/58654e93/attachment.bin>

More information about the squid-users mailing list