On 12/10/18 12:34 PM, L A Walsh wrote:
> I seem to have a problem specifying the cipher list in the tls_outgoing
> options.
> The line I have:
> tls_outgoing_options
> options=NOSSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE,cipher=EECDH+ECDSA+AESGCM:\

Comma .....................................^^^^^

> EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:\
> EECDH+aRSA+SHA256:EECDH+aRSA+RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS
>
>
> Of note, I split the line here in email with '\', but in the config
> file, it is one long line (w/o the '\').

Squid understands line wrapping in the form of '\' terminators and
whitespace prefix on the next line. So you can make the config easier to
read and fix bugs like above by using the wrapping.

  tls_outgoing_options options=... \
      cipher=...

>
> The error I get from squid 4.0.25 is: (using check)
>
> # /usr/sbin/squid -k check
> 2018/10/11 16:14:31| FATAL: Unknown TLS option
> '=EECDH-ECDSA-AESGCM:EECDH-aRSA-AESGCM:EECDH-ECDSA-SHA384:EECDH-ECDSA-SHA256:\
>
> EECDH-aRSA-SHA384:EECDH-aRSA-SHA256:EECDH-aRSA-RC4:!RC4:!aNULL:!eNULL:!LOW:!3DES:\
>
> !MD5:!EXP:!PSK:!SRP:!DSS'
>
> (w/o the splits).
>
> I can't tell what it is objecting to.

There is no such "options=" setting as ",cipher=EECDH+..."

>
> To give it a rootcert, can I re-use the same rootcert
> I had in 3.x?
>

Yes.

Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
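
An added example, not part of the original thread and not Squid's own code: a small Python check that joins '\'-wrapped lines as described in the reply and flags a parameter glued onto options= with a comma, returning the repaired directive. The sample lines are shortened from the one quoted in the post; the function names are hypothetical, and the comma-separated flag syntax is assumed from that quoted line.

```python
import re

# Constructed sample, shortened from the directive quoted in the post.
BROKEN = (
    "tls_outgoing_options "
    "options=NOSSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE,"
    "cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!aNULL:!eNULL\n"
)
# The same directive with cipher= as its own parameter, wrapped with '\'.
FIXED = (
    "tls_outgoing_options options=NOSSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE \\\n"
    "    cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:!aNULL:!eNULL\n"
)

# A "key=" that follows a comma inside the options= value (assumed syntax).
GLUED = re.compile(r",(\w+)=")


def join_continuations(text):
    """Join lines ending in '\\' with the next line, minus its leading whitespace."""
    logical, buf = [], None
    for raw in text.splitlines():
        buf = raw if buf is None else buf + raw.lstrip()
        if buf.endswith("\\"):
            buf = buf[:-1]          # drop the terminator, keep reading
            continue
        logical.append(buf)
        buf = None
    if buf is not None:             # file ended on a dangling '\'
        logical.append(buf)
    return logical


def find_glued_params(text):
    """Return (glued_key, repaired_directive) for each bad tls_outgoing_options line."""
    findings = []
    for line in join_continuations(text):
        tokens = line.split()
        if not tokens or tokens[0] != "tls_outgoing_options":
            continue
        for i, tok in enumerate(tokens):
            m = GLUED.search(tok) if tok.startswith("options=") else None
            if m:
                # Split at the comma so the key becomes a separate parameter.
                parts = [tok[:m.start()], tok[m.start() + 1:]]
                repaired = tokens[:i] + parts + tokens[i + 1:]
                findings.append((m.group(1), " ".join(repaired)))
    return findings
```
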