
Re: Transition from squid3.5 to squid4; ciphers don't work anymore, ERROR: Unknown TLS option SINGLE_DH_USE


On Monday, 12 February 2018, 14:29:09 CET, chiasa.men wrote:

> Hi, I tried squid4.
>
> Squid Cache: Version 4.0.23
> This binary uses OpenSSL 1.1.1-dev xx XXX xxxx
>
> Before, I used:
> Squid Cache: Version 3.5.27
> This binary uses OpenSSL 1.0.2g 1 Mar 2016
>
> Some of the config directives changed:
> E.g.
> sslproxy_options SINGLE_DH_USE,SINGLE_ECDH_USE
> ->
> tls_tls_outgoing_options options=SINGLE_DH_USE,SINGLE_ECDH_USE
>
> But that results in version 4 in the following errors (cache.log)
> ERROR: Unknown TLS option SINGLE_DH_USE
> ERROR: Unknown TLS option SINGLE_ECDH_USE
>
> (same error with the same options in https_proxy)
>
> Is that a problem related to the openssl version change?
>
> In cache_peer I also have now to configure
> tls-cafile=/etc/ssl/certs/ca-certificates.crt explicitly (I used some
> self signed certificates for testing - but in Squid3 I didn't need to
> configure that)
> Otherwise I get:
> (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
> In the reference it's stated that:
> tls-default-ca[=off]
> Whether to use the system Trusted CAs. Default is ON.
> Shouldn't the tls-cafile option be unnecessary since it's trusted by
> default?
>
> Furthermore I set Apache (the peer) to
> "SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384"
> as well as cache_peer sslcipher=ECDHE-ECDSA-AES256-GCM-SHA384
>
> ERROR: negotiating TLS on FD 20: error:141A90B5:SSL routines:ssl_cipher_list_to_bytes:no ciphers available (1/-1/0)
>
> How can that be?
>
> _______________________________________________
> squid-users mailing list
> squid-users@xxxxxxxxxxxxxxxxxxxxx
> http://lists.squid-cache.org/listinfo/squid-users

 

Any idea?

 
