I would like to run squid 3.5.8 as a reverse proxy for our webserver. I already have a certificate which is currently in use by the Apache Webserver 2.4 itself. It is based upon an EC (elliptic curve) private key of length 384.
Until now I have not managed to fire up squid by specifying https_port with private key and certificate. It will run, but all connection attempts (e.g. using openssl s_client or gnutls-cli) will break down with the following server-side error:
Error negotiating SSL connection on FD 14: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1)
The https_port line looks like this:
https_port 443 accel cert=/etc/squid/test.pem key=/etc/squid/test.key cafile=/etc/squid/globalsign.pem dhparams=/etc/squid/dhparams.pem defaultsite=my.web.site
Does Squid simply not support elliptic curves for primary keys? OpenSSL 1.0.1k is installed which works fine with the Apache...
Thank you very much for your help.
Best regards,
Johannes