On 12/12/19 11:38 am, GeorgeShen wrote: > > did a 'openssl dhparam -out dhparams.pem 4096' to generate the dhparams.pem > file, and added those into the squid.conf: > > http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem > generate-host-certificates=on dynamic_cert_mem_cache_size=4MB > *options=SINGLE_DH_USE:SINGLE_ECDH_USE > tls-dh=/usr/local/squid/etc/dhparams.pem* > > when the client software include the ciphersuites of the above mentioned, > still fail the TLS negotiation. Do I configured this incorrectly? What you have so far enables the DH ciphers and algorithms, but not yet the curve parts. For that you need to add the curve name to tls-dh option. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
