On 10/06/18 20:42, Walter H. wrote: > On 10.06.2018 08:49, Amos Jeffries wrote: >> >> Interesting. >> >> The main issue was that you configured only params for the Diffi-Helman >> (DH and DHE) ciphers - no curve name. That meant your specified EEC* >> ciphers were disabled since they require a curve name as well. >> >> Removing this option completely disables both DH and ECDH cipher types. >> Leaving your proxy with only the RSA based ciphers. >> > can you please tell, how to configure this correct > > I mean how to specify the curve name ... > and which curves are possible The documentation covers that. <http://www.squid-cache.org/Doc/config/http_port/> " tls-dh=[curve:]file File containing DH parameters for temporary/ephemeral DH key exchanges, optionally prefixed by a curve for ephemeral ECDH key exchanges. See OpenSSL documentation for details on how to create the DH parameter file. Supported curves for ECDH can be listed using the "openssl ecparam -list_curves" command. WARNING: EDH and EECDH ciphers will be silently disabled if this option is not set. " Curve names depend on library, so you have to check your own library for them as described above. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
