He described the risk of outsourcing cryptographic security to a proxy -- though he was more focused on the fact that the proxy might not be as cautious or as correct about validating certs as your client, rather than that the proxy might have a different ciphersuite policy than your client. But he does explicitly mention this risk, including the idea that the proxy may be using a weaker ciphersuite. (The example he gives is PFS, where your client and the server might both support PFS ciphersuites, but the proxy might not, so you don't actually get PFS.)
http://www.secureworks.com/cyber-threat-intelligence/threats... https://media.blackhat.com/bh-eu-12/Jarmoc/bh-eu-12-Jarmoc-S...
He described the risk of outsourcing cryptographic security to a proxy -- though he was more focused on the fact that the proxy might not be as cautious or as correct about validating certs as your client, rather than that the proxy might have a different ciphersuite policy than your client. But he does explicitly mention this risk, including the idea that the proxy may be using a weaker ciphersuite. (The example he gives is PFS, where your client and the server might both support PFS ciphersuites, but the proxy might not, so you don't actually get PFS.)