Hi team,
Any update on this?
Regards,
Nikhil
On Thu, Sep 14, 2023 at 6:05 PM Shyam varun <shyam3898@xxxxxxxxx> wrote:
Dear Squid Mailing List Community,
I hope this email finds you well. I am currently working on configuring SSL bump in the Squid proxy server to support ECDSA ciphers, and I am seeking assistance with a particular issue I've encountered.
To provide some context:
- Squid Version: Squid 5.2
- OpenSSL Version: OpenSSL 1.1.1l
- OS: Alpine Linux v3.16
- Squid Configuration:

    sslproxy_cert_error allow all
    sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
    http_port 3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/ssl/intermediate_certificate.pem key=/opt/ssl/intermediate_key.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=/opt/dhparam.pem
    tls_outgoing_options min-version=1.1 options=NO_SSLv3
    acl step1 at_step SslBump1
    ssl_bump peek step1
    ssl_bump bump all

The goal of my configuration is to enable SSL bump for ECDSA ciphers, specifically the "ECDHE-ECDSA-AES256-GCM-SHA384" and "ECDHE-ECDSA-AES128-GCM-SHA256" cipher suites. However, I've run into challenges and issues while trying to achieve this.
Things I tried:
- I created an ECDSA-based certificate chain using OpenSSL.
- I configured the ECDSA-based certificates in Squid as shown in the above snippet, but I am still not able to make it work.
I've thoroughly reviewed the Squid documentation and online resources, but I haven't been able to resolve these issues on my own.
I would greatly appreciate any guidance, insights, or assistance from the Squid community regarding the proper configuration for SSL bump with ECDSA ciphers. If you have successfully configured Squid to support ECDSA ciphers or if you have expertise in this area, your input would be invaluable.
Thank you in advance for your time and support. I look forward to your responses and insights.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users