[Solved] How to change the cipher for Squid reverse proxy?
-
Hi,
Is there a possibility to change the default cipher(s) for the Squid reverse proxy?
I get always an ERR_SSL_OBSOLETE_CIPHER with Chrome and Opera.
If I connect directly without my pfSense to the website it works. If I connect over my pfSense I get this error message. So I think it should be a configuration thing.
Thanks,
Christian. -
Hi,
so far I found the following BAD solution:
1. The configuration of the Squid Reverse Prox is saved under: '/usr/local/etc/squid/squid.conf'.
2. There is a section called '# Reverse Proxy settings'
3. There are a lot of parameters for each entry. For the https stuff there are also the parameters which create the problem: 'cipher=' and 'options='
4. I found this article: http://www.rawiriblundell.com/?p=1442
5. I know, that I should not touch this file manually, but I wanted to see if this is the problem. So I changed the values for 'cipher' and 'options' like described in the article. I restarted the Squid service.
IT WORKS!!!
Does anyone know where I can set/change/choose this parameters over the gui???
Thanks,
Christian. -
Please see: https://forum.pfsense.org/index.php?topic=119934.0