Can you share the squid.conf so I can try to reproduce the issue here locally and verify how it could be resolved? What OS and other relevant details such as “squid -v” output might help. Thanks, Eliezer From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of ns@xxxxxxxxxxxxxxxxxxxx Good morning, I have been using Squid as an http caching proxy for a long time. It's the second time I configured Squid for https caching and interception/inspection. The first time everything was fine The second...not so much. I use the ssl_bump feature. With Squid 4.13 and Openssl v 1.1.1k-1 all works well without errors or warnings. With Squid v. 5.2.1 and Openssl v. 3.0.1, I got one error and one warning. I tried to use the same squid.conf for Squid 4 and Squid 5. Here are the problems with Squid 5. 1) ERROR I checked the configuration with the command "squid -k parse" and I got this error: ERROR: Unable to configure Ephemeral ECDH: error:0480006C:PEM routines::no start line If I remove the curve name from tls-dh in the config file, the error disappears. First question: Which is the problem? How can I do to keep the curve name (prime256v1) 2) WARNING I checked the configuration with the command "squid -k parse" and I got this warning: WARNING: Failed to decode DH parameters '/var/lib/squid/ssl_cert/squid-self-signed_dhparam.pem' I generated the file for the Diffie-Hellman algorithm with this command (it worked with Squid4): openssl dhparam -outform PEM -out squid-self-signed_dhparam.pem 2048 Second question: Have you an idea on how to fix this? Thank you. |
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
