On 06/18/2017 09:49 AM, meym wrote: >> On 06/17/2017 10:09 AM, meym wrote: >>> Squid Cache: Version 4.0.20 >>> "FATAL: Unknown http_port option 'ssl-bump'." >> >> Your Squid thinks it was built without OpenSSL support. OpenSSL support >> is required for SslBump. Examine your ./configure options and output. > With libressl actually. I do not know what you mean by that remark exactly, but what I said applies to any library providing OpenSSL API, including LibreSSL. Moreover: * Squid does not know anything about LibreSSL. Somebody added the letters "LibreSSL" to squid.conf.documented, but that was a mistake IMO. * Primary SslBump developers do not normally use or test with LibreSSL. * LibreSSL provides OpenSSL API so you can tell Squid to use LibreSSL as if it was OpenSSL, and things should work as well as with OpenSSL itself if (and only if) LibreSSL does a good job providing that OpenSSL API. * LibreSSL does not do a good job providing OpenSSL API and/or Squid does not do a good job detecting OpenSSL API variations in a LibreSSL-compatible way (depending on your point of view). See bug #4662 for more details. There have been recent improvements in LibreSSL-compatibility area, but I am not sure those improvements (or the problems) are in your Squid version and, at any rate, are taking significant additional risks by using LibreSSL with SslBump. Whether those risks are worth using something other than OpenSSL is your call, of course. Alex. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users