
Re: Squid 3.5 Forward Secrecy on https_port

On 2015-08-13 10:18 am, Amos Jeffries wrote:
> On 14/08/2015 2:40 a.m., Julianne Bielski wrote:
>
>> But does this mean that ECDHE isn't supported by Squid?
>
> Correct. ECDHE is not supported by 3.5 and older.
>
> EECDHE and ECDHE are coming in Squid-4.
>
> If you really need it you are welcome to download and use Squid-4. Some
> of us already are. Just be aware that it is still under development so
> anything can change without notice, and there are probably a bunch of
> bugs not yet found in those features and other new code.
>
> Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

Thanks for all the info on this, guys. I have no actual requirement to have ECDHE implemented on the servers I maintain; I was just trying to improve security by enabling the Forward Secrecy options where possible, as some of the browsers support ECDHE and not DHE, IE8-10 for example. I will do some more research on the issue mentioned by a previous poster between now and when version 4 comes out, then decide if I do want to enable it or not at that time. After some playing around on the test system, testing results using the ssllabs test tools with various options and dhparam key sizes, along with the input from this thread, I enabled the DHE ciphers on the production reverse proxy server that I maintain at work last night.

--
Thanks,
   Dean E. Weimer
   http://www.dweimer.net/