Hi

I tried squid4.

    Squid Cache: Version 4.0.23
    This binary uses OpenSSL 1.1.1-dev xx XXX xxxx

Before, I used:

    Squid Cache: Version 3.5.27
    This binary uses OpenSSL 1.0.2g 1 Mar 2016

Some of the config directives changed. E.g.

    sslproxy_options SINGLE_DH_USE,SINGLE_ECDH_USE
    ->
    tls_tls_outgoing_options options=SINGLE_DH_USE,SINGLE_ECDH_USE

But in version 4 that results in the following errors (cache.log):

    ERROR: Unknown TLS option SINGLE_DH_USE
    ERROR: Unknown TLS option SINGLE_ECDH_USE

(same error with the same options in https_proxy)

Is that a problem related to the openssl version change?

In cache_peer I now also have to configure tls-cafile=/etc/ssl/certs/ca-certificates.crt explicitly (I used some self-signed certificates for testing, but in Squid3 I didn't need to configure that). Otherwise I get:

    (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

In the reference it's stated that:

    tls-default-ca[=off]
        Whether to use the system Trusted CAs. Default is ON.

Shouldn't the tls-cafile option be unnecessary since it's trusted by default?

Furthermore I set Apache (the peer) to "SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384" as well as cache_peer sslcipher=ECDHE-ECDSA-AES256-GCM-SHA384

    ERROR: negotiating TLS on FD 20: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available (1/-1/0)

How can that be?