Hi all,
After some tunning to configure my squid's host with ssl_bump and intermediate
CA (many thanks Yuri), I have tested my setup against https://www.ssllabs.com
and https://howsmyssl.com and both sites returns me the following error:
Some unknown cipher suite: 0xff85 (SSLLabs says UNKNOWN (0xff85) WEAK)
Some unknown cipher suite: 0x0081
My relevant config is:
sslproxy_options SINGLE_DH_USE,SINGLE_ECDH_USE
sslproxy_cipher
HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
https_port 127.0.0.1:5145 intercept ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/certs/server.crt \
key=/etc/squid/certs/server.key
tls-dh=prime256v1:/etc/squid/certs/dhparam.pem \
options=SINGLE_DH_USE,SINGLE_ECDH_USE
cipher=HIGH:MEDIUM:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
Am I doing something wrong?? I am using squid's wiki suggested config ...
Thanks.
--
Greetings,
C. L. Martinez
_______________________________________________
squid-users mailing list
[email protected]
http://lists.squid-cache.org/listinfo/squid-users
