Search squid archive

Re: SSL errors with Squid 3.5.27

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/06/18 20:42, Walter H. wrote:
> On 10.06.2018 08:49, Amos Jeffries wrote:
>>
>> Interesting.
>>
>> The main issue was that you configured only params for the Diffi-Helman
>> (DH and DHE) ciphers - no curve name. That meant your specified EEC*
>> ciphers were disabled since they require a curve name as well.
>>
>> Removing this option completely disables both DH and ECDH cipher types.
>> Leaving your proxy with only the RSA based ciphers.
>>
> can you please tell, how to configure this correct
> 
> I mean how to specify the curve name ...
> and which curves are possible


The documentation covers that.

<http://www.squid-cache.org/Doc/config/http_port/>
"
  tls-dh=[curve:]file

  File containing DH parameters for temporary/ephemeral DH key
  exchanges, optionally prefixed by a curve for ephemeral ECDH
  key exchanges.

  See OpenSSL documentation for details on how to create the
  DH parameter file. Supported curves for ECDH can be listed
  using the "openssl ecparam -list_curves" command.

  WARNING: EDH and EECDH ciphers will be silently disabled if
  this option is not set.
"

Curve names depend on library, so you have to check your own library for
them as described above.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux