[Solved] How to change the cipher for Squid reverse proxy?

cjs1976

Hi,

Is there a possibility to change the default cipher(s) for the Squid reverse proxy?

I get always an ERR_SSL_OBSOLETE_CIPHER with Chrome and Opera.

If I connect directly without my pfSense to the website it works. If I connect over my pfSense I get this error message. So I think it should be a configuration thing.

Thanks,
Christian.

cjs1976

Hi,

so far I found the following BAD solution:

1. The configuration of the Squid Reverse Prox is saved under: '/usr/local/etc/squid/squid.conf'.

2. There is a section called '# Reverse Proxy settings'

3. There are a lot of parameters for each entry. For the https stuff there are also the parameters which create the problem: 'cipher=' and 'options='

4. I found this article: http://www.rawiriblundell.com/?p=1442

5. I know, that I should not touch this file manually, but I wanted to see if this is the problem. So I changed the values for 'cipher' and 'options' like described in the article. I restarted the Squid service.

IT WORKS!!!

Does anyone know where I can set/change/choose this parameters over the gui???

Thanks,
Christian.

cjs1976

Please see: https://forum.pfsense.org/index.php?topic=119934.0