Must be:
openssl ecparam -name secp384r1 -genkey -param_enc named_curve -out
rootCA.key
:)
I.e. -param_enc can't be default, named_curve argument required :)
19.06.2016 15:18, Amos Jeffries пишет:
On 19/06/2016 12:42 a.m., Yuri Voinov wrote:
Good weekend to all.
Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID?
I have when trying to use ECDSA self-signed CA to bump, Squid (version
no matter) gives an error SSLv3 (for unknown reasons) and can not
establish a secure connection. With CIPHER/PROTOCOL negotiation error in
browser. Yea, latest Chrome.
Does this mean that Squid is not support ECDSA?
It means your certificate was not created with the flags indicating
which Curve it is to be used with.
<https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves>
I can't find any evidence of the flag being set on generated
certificates. So that may also be adding to the problem.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
