Use search. Some days ago I played around with ECDSA certs and dropped them due to extreme incompatibility with clients. There was a thread about this here.

25.06.2016 22:10, C. L. Martinez wrote:
> Hi all,
>
> I have some problems with my squid config when I use certificates generated with my internal CA. First, my ssl-bump config:
>
> acl DiscoverSNIHost at_step SslBump1
> acl NoSSLIntercept ssl::server_name_regex -i "/etc/squid/acls/domains.nobump"
> ssl_bump peek DiscoverSNIHost
> ssl_bump splice NoSSLIntercept
> ssl_bump bump all
>
> With this config, all works as expected (I need to add some domains to domains.nobump, but gmail or google works without problems) only when I use a self-signed certificate in squid generated using the following commands:
>
> openssl genrsa -out server.key 4096
> openssl req -new -key server.key -x509 -days 365 -out server.crt
>
> But when I sign squid's request certificate with my internal CA (based on OpenBSD's LibreSSL), nothing works: gmail fails, google fails, startpage fails, etc. My internal CA is configured to use elliptic cryptographic curves (secp384r1 for the CA and prime256v1 for host's certificates).
>
> Maybe this is the problem? Why, when I use a self-signed certificate, does everything work OK, but not when I sign squid's certificate with my internal CA?
>
> Thanks.
>
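
An added example, not part of the original thread: shell helpers that report a certificate's public-key type and signature algorithm, so the RSA self-signed setup and the EC internal-CA setup described in the quoted message can be told apart. The function names, file names and certificate subjects are assumptions made for this example, and the certificates produced by make_samples are constructed test material.

```shell
#!/bin/sh
# Added example, not from the thread: report a certificate's key type and
# signature algorithm. File names and subjects below are constructed.

# cert_key_type FILE -> "rsa", "ec:<curve>" or "other:<algorithm>"
cert_key_type() {
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    alg=$(printf '%s\n' "$text" | sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1)
    case "$alg" in
        rsaEncryption) echo "rsa" ;;
        id-ecPublicKey)
            curve=$(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p' | head -n 1)
            echo "ec:${curve:-unknown}" ;;
        *) echo "other:$alg" ;;
    esac
}

# cert_sig_alg FILE -> algorithm the issuer signed with, e.g. ecdsa-with-SHA256
cert_sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# make_samples DIR: constructed certificates mirroring the two setups described
make_samples() {
    d=$1
    # RSA self-signed certificate (2048 bits only to keep generation fast)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
        -subj "/CN=rsa-selfsigned.example" -keyout "$d/rsa.key" -out "$d/rsa.crt"
    # EC CA on secp384r1
    openssl ecparam -name secp384r1 -genkey -noout -out "$d/ca.key"
    openssl req -x509 -new -key "$d/ca.key" -sha256 -days 1 \
        -subj "/CN=Example EC CA" -out "$d/ca.crt"
    # Host certificate on prime256v1, signed by that CA
    openssl ecparam -name prime256v1 -genkey -noout -out "$d/host.key"
    openssl req -new -key "$d/host.key" -subj "/CN=proxy.example" -out "$d/host.csr"
    openssl x509 -req -in "$d/host.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 1 -out "$d/host.crt"
}

# Usage: sh script.sh cert.pem [...]; prints nothing when no files are given.
for f in "$@"; do
    printf '%s: key=%s sig=%s\n' "$f" "$(cert_key_type "$f")" "$(cert_sig_alg "$f")"
done
```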