The cipher used is written to the logfiles by default. You may want to add
\begin{lstlisting}[breaklines]
- log_selector = <....whatever your log_selector already contains...> \
+ log_selector = <whatever your log_selector already contains> \
+tls_certificate_verified +tls_peerdn +tls_sni
\end{lstlisting}
to get even more TLS information logged.
The cipher used is written to the logfiles by default. You may want to add
\begin{lstlisting}[breaklines]
- log_selector = <....whatever your log_selector already contains...> \
+ log_selector = <whatever your log_selector already contains> \
+tls_certificate_verified +tls_peerdn +tls_sni
\end{lstlisting}
to get even more TLS information logged.
As of squid-3.2.7 (01 Feb 2013) there is support for the OpenSSL NO\_Compression option within squid config (CRIME attack) and if you combine that in the config file, with an enforcement of the server cipher preferences (BEAST Attack) you are safe.
\paragraph*{squid.conf}\mbox{}\\
-squid.conf
\todo{UNTESTED!}
\begin{lstlisting}[breaklines]
\paragraph*{squid.conf}\mbox{}\\
-squid.conf
%% http://forum.pfsense.org/index.php?topic=63262.0