[Solved] How to change the cipher for Squid reverse proxy?



  • Hi,

    Is there a possibility to change the default cipher(s) for the Squid reverse proxy?

    I get always an ERR_SSL_OBSOLETE_CIPHER with Chrome and Opera.

    If I connect directly without my pfSense to the website it works. If I connect over my pfSense I get this error message. So I think it should be a configuration thing.

    Thanks,
    Christian.



  • Hi,

    so far I found the following BAD solution:

    1. The configuration of the Squid Reverse Prox is saved under: '/usr/local/etc/squid/squid.conf'.

    2. There is a section called '# Reverse Proxy settings'

    3. There are a lot of parameters for each entry. For the https stuff there are also the parameters which create the problem: 'cipher=' and 'options='

    4. I found this article: http://www.rawiriblundell.com/?p=1442

    5. I know, that I should not touch this file manually, but I wanted to see if this is the problem. So I changed the values for 'cipher' and 'options' like described in the article. I restarted the Squid service.

    IT WORKS!!!

    Does anyone know where I can set/change/choose this parameters over the gui???

    Thanks,
    Christian.