On 11/12/19 4:00 pm, GeorgeShen wrote:
> I'm running the squid latest from download site. 4.9
> Ok, I suspect that was related to my ^C running the process in foreground,
> but I also see before that there are warning messages in the log:
> 2019/12/09 19:23:12.116 kid1| WARNING: /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 4MB #Hlpr5 exited
> 2019/12/09 19:23:12.118 kid1| WARNING: /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 4MB #Hlpr1 exited
> 2019/12/09 19:23:12.123 kid1| WARNING: /usr/local/squid/libexec/security_file_certgen -s /usr/local/squid/var/logs/ssl_db -M 4MB #Hlpr3 exited
>
> it could be related also to my ^C, but not sure.
>
> the other program, I have found it is related to my golang program set the
> ciphersuite to some more secured cipher algorithm:
> tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, and
> tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. After removing those cipher
> restrictions, the ssl-bump does work.

That implies that your proxy is configured in such a way that these ciphers are not usable - and/or that the origin servers being contacted cannot handle them.

You may want to fix that for at least Squid. To do so set the tls-dh= option with a preferred EC curve name and DHE parameters file.

Amos
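Added example, not part of the original thread and not Squid code: a Go reproduction of the cipher-suite mismatch discussed above, handshaking a client pinned to the two suites from the quoted message against an in-memory TLS server. The server, the `proxy.test` certificate and the names `probe`, `selfSigned`, `threadSuites` and `disjointSuites` are constructed for illustration and stand in for the TLS endpoint the client talks to.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// The two suites the Go client in the thread was restricted to.
var threadSuites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
// Constructed server list with no suite in common with threadSuites.
var disjointSuites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}

// selfSigned returns a throwaway ECDSA certificate for "proxy.test" and a pool trusting it.
func selfSigned() (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // errors ignored: constructed test data
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"proxy.test"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, tpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// probe handshakes the pinned client against an in-memory server limited to serverSuites (TLS 1.2 is forced: Go ignores CipherSuites for TLS 1.3).
func probe(serverSuites []uint16) (string, error) {
	cert, pool := selfSigned()
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, CipherSuites: serverSuites, MaxVersion: tls.VersionTLS12})
	go srv.Handshake() // server side of the handshake; it fails when the client's does
	cli := tls.Client(c, &tls.Config{RootCAs: pool, ServerName: "proxy.test", CipherSuites: threadSuites, MaxVersion: tls.VersionTLS12})
	if err := cli.Handshake(); err != nil {
		return "", err // no shared suite: the server answers with a handshake_failure alert
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() {
	fmt.Println(probe(disjointSuites)) // handshake error
	fmt.Println(probe(threadSuites))   // negotiated suite name
}
```

A non-nil error from `probe` is what the pinned client sees when the TLS endpoint in front of it has no usable suite in common with the pinned list.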