On 22/12/2015 3:07 a.m., tylerd wrote: > Hello, > I'm having a hard time trying to use ECDH support in Squid and I tried a few > different releases since v. 4 is out. Squid version: > > Squid Cache: Version 4.0.3-20151216-r14446Service Name: squidconfigure > options: '--with-openssl' '--enable-basic-auth-helpers=squid_radius_auth' > '--enable-auth' --enable-ltdl-convenience The above is equivalent to just "./configure --with-openssl" Because "--enable-auth" is enabled by default and "--enable-basic-auth-helpers" does not exist. Even if it did there is no "basic_squid_radius_auth_auth" helper. The configuration you seem to be trying to achieve is: ./configure --with-openssl --enable-auth-basic=RADIUS Which will build the Squid-3.2+ helper called "basic_radius_auth". > OpenSSL is 1.0.1q > Relevant https_port settings line in my squid.conf: > https_port 443 cert=/root/ssl/squid.crt key=/root/ssl/squid.key > tls-cafile=/root/ssl/ca.crt > cipher=ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS > tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem > When I try to run it, I get the following error: 2015/12/21 09:01:05| ERROR: > Unable to set Ephemeral ECDH: error:00000000:lib(0):func(0):reason(0) > > Is there anybody running it successfully with ECDH support willing to share > some insights and a config sample? Thanks in advance. > That was a regression in the latest betas. I have now resolved it. FYI: It was just incorrect logging, the ECDH ciphers should have been operating properly despite the message. If you find that ECDH is not working that is a separate issue. Thanks Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
