Re: [squid-users] Explanation for TAG's

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 3 Jan 2005 00:05:21 +0100 (CET)

On Fri, 31 Dec 2004, Ramesh wrote:

> Hello,
>
> I wolud like to know detail information regardig the following TAG's in
> Squid 3.0 Pre 3.
>
> 1. ssl_engine
> 2. sslproxy_cipher
>
> What does these TGA's meant for and how to be used. Provide me with some
> examples.

ssl_engine

         The openssl engine to use. You will need to set this if you
         would like to use hardware SSL acceleration for example.

Or in other words, if you do not have SSL acceleration hardware then this
directive is not meaningful to you. If you do have such hardware then you
should know what it should be set to as it is dependent on hardware
specific OpenSSL drivers for your specific SSL acceleration hardware.
Documentation on this should have been included with the documentation to
your OpenSSL supported SSL acceleration hardware.

sslproxy_cipher

         SSL cipher list to use when proxying https:// URLs

The list of ciphers Squid should accept when initiating proxying of
https:// URLs directly to an origin server (by proxying here refers to
full proxying, not the use of the CONNECT method).

This is similar to the cipher= specifications in https_port or cache_peer,
each sets the list of acceptable ciphers in the three directions Squid-3
handles SSL (https_port -> acceping SSL requests from clients, cache_peer
-> making SSL requests to defined peers, sslproxy -> proxying of https://
URLs where Squid initiates the SSL connections to the requested web
server)

For more information regarding OpenSSL cipher specifications see the
ciphers documentation in the OpenSSL documentation.

Regards
Henrik
Received on Sun Jan 02 2005 - 16:05:24 MST

This archive was generated by hypermail pre-2.1.9 : Mon Mar 07 2005 - 12:59:35 MST