On Fri, 31 Dec 2004, Ramesh wrote:
Hello,
I wolud like to know detail information regardig the following TAG's in Squid 3.0 Pre 3.
1. ssl_engine 2. sslproxy_cipher
What does these TGA's meant for and how to be used. Provide me with some examples.
ssl_engine
The openssl engine to use. You will need to set this if you
would like to use hardware SSL acceleration for example.Or in other words, if you do not have SSL acceleration hardware then this directive is not meaningful to you. If you do have such hardware then you should know what it should be set to as it is dependent on hardware specific OpenSSL drivers for your specific SSL acceleration hardware. Documentation on this should have been included with the documentation to your OpenSSL supported SSL acceleration hardware.
sslproxy_cipher
SSL cipher list to use when proxying https:// URLs
The list of ciphers Squid should accept when initiating proxying of https:// URLs directly to an origin server (by proxying here refers to full proxying, not the use of the CONNECT method).
This is similar to the cipher= specifications in https_port or cache_peer, each sets the list of acceptable ciphers in the three directions Squid-3 handles SSL (https_port -> acceping SSL requests from clients, cache_peer -> making SSL requests to defined peers, sslproxy -> proxying of https:// URLs where Squid initiates the SSL connections to the requested web server)
For more information regarding OpenSSL cipher specifications see the ciphers documentation in the OpenSSL documentation.
Regards Henrik
