Re: Error: (71) Protocol error (TLS code:SQUID_ERR_SSL_HANDSHAKE)

Loučanský Lukáš <Loucansky.Lukas@xxxxxx> · Mon, 22 Jun 2020 08:10:24 +0200



Sorry -  but how is your solution different from:
1) openssl dhparam -outform PEM -out dhparam.pem 2048
2) https_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt key=/usr/local/squid/etc/rootCA.key options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=/usr/local/squid/etc/dhparam.pem

Or tls-dh=prime256v1:/usr/local/squid/etc/dhparam.pem

?

LL

> I have tested 4.12 and with default settings I am getting an error on some local common web pages.
> 
>  
> 
> (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE)
> Handshake with SSL server failed: error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small

 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users