[squid-users] Ciphersuites with SSL bump [squid 3.5.19]
Walter H.
Walter.H at mathemainzel.info
Fri May 20 14:44:23 UTC 2016
Hello,
I'd like to disable some ciphersuites when connecting with web servers;
when I go there: https://cc.dcsec.uni-hannover.de/
I'm shown this (only the column with ciphersuite names):
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-SHA384
ECDHE-ECDSA-AES256-SHA384
ECDHE-RSA-AES256-SHA
ECDHE-ECDSA-AES256-SHA
DHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES256-SHA256
DHE-RSA-AES256-SHA
DHE-RSA-CAMELLIA256-SHA
ECDH-RSA-AES256-GCM-SHA384
ECDH-ECDSA-AES256-GCM-SHA384
ECDH-RSA-AES256-SHA384
ECDH-ECDSA-AES256-SHA384
ECDH-RSA-AES256-SHA
ECDH-ECDSA-AES256-SHA
RSA-AES256-GCM-SHA384
DH-RSA-MISTY1-SHA (*)
RSA-AES256-SHA
RSA-CAMELLIA256-SHA
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-SHA256
ECDHE-ECDSA-AES128-SHA256
ECDHE-RSA-AES128-SHA
ECDHE-ECDSA-AES128-SHA
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES128-SHA256
DHE-RSA-AES128-SHA
DHE-RSA-CAMELLIA128-SHA
ECDH-RSA-AES128-GCM-SHA256
ECDH-ECDSA-AES128-GCM-SHA256
ECDH-RSA-AES128-SHA256
ECDH-ECDSA-AES128-SHA256
ECDH-RSA-AES128-SHA
ECDH-ECDSA-AES128-SHA
RSA-AES128-GCM-SHA256
DH-DSS-MISTY1-SHA (*)
RSA-AES128-SHA
RSA-CAMELLIA128-SHA
ECDHE-RSA-3DES-EDE-SHA
ECDHE-ECDSA-3DES-EDE-SHA
DHE-RSA-3DES-EDE-SHA
ECDH-RSA-3DES-EDE-SHA
ECDH-ECDSA-3DES-EDE-SHA
RSA-3DES-EDE-SHA
EMPTY-RENEGOTIATION-INFO-SCSV
and these are the lines in my squid.conf
sslproxy_cafile /etc/squid/ca-bundle.trust.crt
sslproxy_cipher
!SSLv2:+SSLv3:!AECDH:!ADH:!DES:HIGH:+3DES:!RC4:!MD5:!aNULL:!eNULL:!LOW:!EXP:!DSS:!PSK:!SEED:!SRP
sslproxy_options NO_SSLv2 NO_SSLv3 TLSv1 TLSv1_1 TLSv1_2
and I would like to disable the ciphersuites marked with (*), but how
would I do this?
any hint would be nice;
Thanks and greetings from Austria,
Walter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4312 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160520/58654e93/attachment.bin>
More information about the squid-users
mailing list